America’s some of the core and deeply held secrets may have been hacked in a cyberattack by suspected elite hackers. The USA’s major cybersecurity agency warned last week about the severe threat to the federal government and the private sector, calculating what information may have been compromised, damage yet unknown.
The energy department and the National Nuclear Security Administration (NNSA) which maintains America’s nuclear weapons stockpile have evidenced that hackers accessed their network as a part of a massive espionage operation. The espionage has affected at least half a dozen federal agencies. According to a Politico last week’s report.
How Did The Attack Happen?
Agencies told the US government that the cyberattack started in March this year. The famous US company SolarWinds (who develops software for businesses to help manage their systems, networks, and information technology infrastructure) whose software Orion (which provides centralized monitoring and management of the entire IT networks of the organizations, to hundreds of thousands of organizations around the world) has poised with the malware injected by the elite hackers in the march software updates.
FireEye was one of the major and the first agency that discovered a global intrusion campaign by the hackers. According to FireEye, they are tracking the actors behind this campaign as UNC2452. They discover malware in this attack and named it SUNBURST.
The malware which the hackers introduced in the software gave the hackers remote access to the organization’s internal networks including internal email networks.
Victims of the attack:
About more than 300,000 customers from about 18000 government and private organizations downloaded and installed the compromised software updates including the 500 most Fortune companies and government agencies in Europe, Asia, Middle East, and North America are affected by the attack.
The victims of the cyberattack include most important government organizations bases in the US i.e the National Nuclear Security Administration (NNSA), Energy Department’s Federal Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in Washington and New Mexico, the Office of Secure Transportation at NNSA, and the Richland Field Office of the Department Of Energy (DOE). The other Federal agencies including the Department of Defense (DOD), the Pentagon, the Department of Justice (DOJ), and the Department of Homeland Security were also known to be potential victims of the cyber attack. According to the report published in Forbes.
FireEye (the US-based cybersecurity company, which is involved in the detection and prevention of major cyberattacks) said in a report, it has detected this activity at multiple entities worldwide. The victims have included government, technology, consulting, telecom, and extractive entities in North America, Asia, Europe, and the Middle East. We anticipated there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected.
The Associated Press has said in a report that hackers may have gained access to “some of the US most deeply held secrets in a disciplined months-long hacking operation”. It will take weeks, maybe years for digital sleuths combing through US government and private industry networks to get the answers and to know about the damage that has been done.
SolarWinds said in a statement that the monitoring products it released in March and June of this year may have been surreptitiously weaponized in a highly sophisticated, targeted…. attack by a nation-state.
The US government accuses Russia of the cyberattack that stretches back months. The elite group of hackers lead the espionage campaign and break deep into the computer networks of the federal defense departments known to be backed by the Russian government. According to a report published in The Washington Post, People who familiar with the intrusion and who speak on the condition of anonymity because of the sensitivity of the matter said, Russian hackers group, nicknames APT29 or Cozy Bear, the part of the SVR (The Foreign Intelligence Service of the Russian Federation, Russia’s external intelligence agency) and FSB (Russian Federal Security Service, Russia’s internal security agency) are involved in the cyber attack.
The Russian Embassy in Washington last week, called the reports of Russian hacking ‘baseless’. They said in a statement on Facebook “Attacks in the information space contradict” Russian foreign policy and national interests. “Russia does not conduct offensive operations” in the cyber domain. According to The Washington Post.
Experts Statements about the Attack:
“This is a big deal and given what we now know about where breaches happened. I am expecting the scope to grow as more logs are reviewed. When an aggressive group like this gets open sesame to many desirable systems, they are going to use it widely”.
According to John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy. Published in The Washington Post.
“Removing this threat actor from compromised environments will be highly complex and challenging for organizations”. CISA (Cybersecurity and Infrastructure Security Agency) said in a statement. Published in The Guardian.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place. We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
Joe Biden said in a statement. A report published in The Guardian.
” The cyber hack is like Russian bombers have been repeatedly flying undetected over our entire country.” Senator Mitt Romney said in a tweet.
“SolarWinds is used by hundreds of thousands of organizations… and it has admin access to the network. Monday may be a bad day for lots of security teams.” Dmitri Alperovitch, chairman, Silverado Policy Accelerator. Co-founder and former Chief Technology Officer of CrowdStrike.
” Stunning, today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what’s going on. Declassify what’s known and unknown.” Richard Blumenthal, a US Senator.
” Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign… This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.“
Joint statement by the FBI (Federal Bureau of Investigation), CISA (Cybersecurity and Infrastructure Security Agency), and the ODNI (Office of the Director Of National Intelligence).
After analyzing the different research papers and news articles, published by several US government and private organizations, we can say that it is one of the worse espionage operations from an elite group of hackers that stretches back months. The cyberattack was very disciplined and highly sophisticated that even the US government’s highly capable agencies like NSA or FireEye don’t even know about the attack for months.
The hackers dive deep into the networks and fetch some of the core secrets and tools from the main defense agencies of the US government. Despite the government is refusing a major loss from the attack but the overall situation is very critical regarding the hack. The government’s agencies are trying to estimate the data loss in the espionage operation but it may take weeks, months, or even years to know which secrets or sensitive data have been lost in the attack.
This article is published and managed by the admin of Global Defense Analysis.