Sophisticated cyberattack on U.S. government much worse than first feared

The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first believed. The Cybersecurity and Infrastructure Security Agency said in a summary Thursday that the threat “poses a grave risk to the federal government.” CISA added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk.

Sam Shead for CNBC:

“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” CISA said. “Removing the threat actor from compromised environments will be highly complex and challenging.” CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.

The FBI said Wednesday it is “investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”

CISA said those behind the attack used network management software made by SolarWinds, a Texas-headquartered IT firm, to breach the government networks. As many as 18,000 SolarWinds Orion customers downloaded a software update that contained a backdoor, which the hackers used to gain access to the networks. CISA issued an “emergency directive” this week instructing federal civilian agencies to “immediately disconnect or power down affected SolarWinds Orion products from their network.” But the perpetrators may have used other means to access the networks. CISA said Thursday it is investigating “evidence of additional access vectors, other than the SolarWinds Orion platform.”

Jack Stubbs and Ryan McNeill for Reuters:

Suspected Russian hackers accessed the systems of a U.S. internet provider and a county government in Arizona as part of a sprawling cyber-espionage campaign disclosed this week, according to an analysis of publicly-available web records.

The intrusions into networks at Cox Communications and the local government in Pima County, Arizona, show that alongside victims including the U.S. departments of Defence, State, and Homeland Security, the hackers also spied on less high-profile organizations.

SolarWinds, which disclosed its unwitting role at the centre of the global hack on Monday, has said that up to 18,000 users of its Orion software downloaded a compromised update containing malicious code planted by the attackers.

As the fallout continued to roil Washington on Thursday, with a breach confirmed at the U.S. Energy Department, U.S. officials warned that the hackers had used other attack methods and urged organisations not to assume they were protected if they didn’t use recent versions of the SolarWinds software.

Microsoft, which was one of the thousands of companies to receive the malicious update, said it had currently notified more than 40 customers whose networks were further infiltrated by the hackers.

MacDailyNews Take: As we said on Monday of this cyberattack on U.S. government and others, “This sounds like just the tip of the iceberg.”

For more information, read FireEye’s blog post: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor.

  1. But, don’t worry your empty little heads, mindless lemmings, the random jumble of electronic voting systems are perfectly secure and your election results are absolutely untainted. CNN says so.

    1. The hack was done by US military loyal to the Constitution. (Kraken) A trap was set for the deep state and they fell right into it. These fools who support the NWO have no idea what is about to happen. It’s going to be fun to watch.

  2. There is no evidence provided that such an attack ever took place. Multiple sources called this differently and as “the securest ever”. This conspiracy theory is also disputed. Learn more about CISA security efforts. Also you are banned for distributing, commenting and reading this post.

  3. No. I smell a false flag conspiracy. US history has had abundant examples: Communism, Viet Nam, Saddam, possibly the WTC, now this super duper cyber attack where we are all supposed to jump up in outrage. Gees. Come on! All have one thing in common: The enrichment of congressional friends via a bigger and more elaborate, hence pricier, National Security Police State Apparatus which kicks back money to legislators’ reelection campaigns. It’s about the growth of the military and police-based government to control people better.
    In the meantime, normal, non-connected and poor folks are increasing in numbers. Pay them first, then pay Pentagon contractors later on with token, low pay contracts and jobs.
    So don’t fall for this current synthetic, phony, false, totally made up, fantasy shenanigan.

  4. I guess the authorities (FBI) were in Austin for some hiking on the Greenbelt and they have friends at Solar Winds that like to hike? (Let’s play it up a bit Solar Winds CEO…tell ’em we wanted your passport…just to make it fit the narrative, ok?)

    1. Your mention of Russiagate is an applicable reference…but look how long it took to play out and be revealed.
      In fact, it’s still playing out. There are more than a couple of visitors to this site that still think the story has veracity. A guy with a “T” name start for instance, that’s the self-appointed truth detector for all, is one. T is not for Trump, btw.

      The point, “who the fark knows” unless time has eroded the flack and the real substance is revealed?
      We are in a period where truth/reality is frighteningly fluid.
