Hackers broke into US government agency networks as part of a monthslong global campaign, likely gaining access by infiltrating software updates sent by an IT provider. Many experts suspect Russia is responsible.
At least two US government agencies, including the Treasury and the Department of Commerce, were struck by a major computer hack from a foreign agent, insiders told reporters on Sunday.
The FBI and the Department of Homeland Security’s cybersecurity division are investigating the cyberespionage campaign.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the National Security Council.
Cybersecurity expert Dmitri Alperovitch told The Associated Press, “this can turn into one of the most impactful espionage campaigns on record.”
Access through IT provider
Cybersecurity firm FireEye said foreign hackers had broken into its network and stolen the company’s own hacking tools just days earlier. The company was hacked through the SolarWinds network management system.
SolarWinds told The Associated Press on Sunday that there was a “potential vulnerability” related to updates released earlier this year. The company stopped short of saying the Treasury hacking occurred through them, but two people familiar with the investigation said the channels provided by the company was likely how they gained access.
If successfully hacked, SolarWinds could give the hackers “God-mode” access to the network, which makes everything visible, said Alperovitch.
On its website, SolarWinds includes among its customers most of the US’ Fortune 500 companies, all of the country’s top 10 telecommunications providers, all branches of the military, the State Department, National Security Agency (NSA) and the Office of the US president.
Former NSA hacker Jake Williams said it seemed clear that both the Treasury Department and FireEye were hacked due to the same vulnerability.
“The timing of the release here is, I think, not at all a coincidence,” he told The Associated Press, adding that the hack has likely gone far beyond just the Treasury and Commerce departments.
“I suspect that there’s a number of other [federal] agencies we’re going to hear from this week that have also been hit.”
Foreign nation potentially involved
A person familiar with the incident, who was not allowed to speak to the press, said the hack was performed by a “nation state,” telling Reuters that the hackers were “highly sophisticated.”
The attack comes just days after US officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data. Three people involved in the investigation into the hacking have said they currently believed Russia was behind the hacking.
Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), tweeted Sunday that “hacks of this type take exceptional tradecraft and time.” He warned that the operation could have been underway for months.
Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.— Chris Krebs (@C_C_Krebs) December 13, 2020
The Russian Embassy in the United States denied any wrongdoing in a Facebook post late Sunday. It said American media had made “unfounded attempts…to blame Russia for the hacker attacks on US governmental bodies.”
“Russia does not conduct offensive operations in the cyber domain,” read the statement.
The post went on to say that Russia has promoted bilateral and multilateral cybersecurity agreements with the US, but “suggestions to start constructive and equal dialogue with the US remain unanswered.”
The hacking comes at a sensitive time, as countries have been planning or rolling out vaccines against COVID-19. There have been several suspected cases of hacking related to vaccines in recent weeks.
- Stephen Appiah excludes Asamoah Gyan from his list of best Ghanaian players
- ‘I dread pain and abuse’ – A female head porter opens up on her daily trauma
- Police arrest notorious armed robber in Tema
- ‘Government is either feigning incompetence on the point of how we fix structures or is pretending to fix them’ – Barker-Vormawor
- CID probes 53 schools over alleged corruption in school feeding programme
- Virologist warns of third wave of Covid-19 in Ghana
- NSMQ2021: Mfantsipim School begins redemption campaign from regional qualifiers
- Covid-19: GHS to roll out second doses from May 19
- 2022 World Cup Qualifiers: Black Stars to camp in Europe despite postponement
- #NSMQ2021: Mfantsiman Girls SHS dumped for the third time in a row at regionals championship
Israeli Embassy organises investment forum for agriculture
Kwabena Agyepong’s NPP membership re-instated
G7 nations pledge $389m over Boko Haram insurgency
Dolait appreciates Chief Imam for role in providing peaceful business climate
Multimedia Group journalist, Isaac K. Normanyo gets ‘Adansiman Bofuo’ award
CDC Group commits $100 million to ETG Group
Tolon-Naa honours Oppong Nkrumah for service to his country
We will not allow any religious group to plunge Ghana into chaos – Muntaka
Akufo-Addo meets families of May 9 victims
Astroturf pitch commissioned to boost football in Old Tafo
Burglars target Nigeria president’s chief of staff
Climate change: Zoggu residents cannot access water
Amanase residents burn fetish priest’s car over suspected ritual murder
Actor sues TikTok for using her voice in viral tool
9 dead after shooting at Russian school