Additional Targets to Recent Cyber Attack on US National Assets

This post is also available in: עברית (Hebrew)

The consequences of the recent cyber attack against US national targets are likely to be far-reaching, with U.S. officials already reconsidering U.S. approaches to cybersecurity. 

The Department of Homeland Security, the State Department and the National Institutes of Health are included in the list of known victims of a months-long, highly sophisticated digital spying operation by Russia whose damage remains uncertain but is presumed to be extensive.

It has been revealed that the hackers have exploited technology built by SolarWinds, a federal contractor, to worm their way into networks belonging to reported victims including the departments of Treasury and Commerce.

DHS’s Cybersecurity and Infrastructure Security Agency now says the hackers aren’t relying solely on the SolarWinds backdoor for access.

In a bulletin issued by CISA, the DHS says a cyber attack connected to Russia continues to pose a “grave risk” to the government and the private sector. 

The announcement reviews security breaches at the Department of Energy, including the National Nuclear Security Administrations, which oversees the U.S. nuclear weapon stockpile. A DOE spokesperson said that so far, the malware has been isolated to business networks only, according to cyberscoop.com.

According to CISA, “It is likely that the adversary has additional initial access vectors and tactics, techniques and procedures that have not yet been discovered,” “This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the agency said.

CISA did not identify the particular hacking group thought responsible, but the agency said it expects “removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

The vulnerable SolarWinds software is also widely used among Fortune 500 in the private sector. Breaches of the organizations began as early as March, and the victims span government, critical infrastructure and private sector organizations, CISA said.

President-elect Joe Biden said he has instructed his advisers to learn as much as possible about a hacking campaign, pledging to “elevate cybersecurity as an imperative across the government.”