Ouch! More egg on the face of Trump, who last month in a tweet accused China of the latest cyberespionage. U.S. intelligence officials investigating last month’s massive cybersecurity breach, which has ripped through an unknown number of private organizations and dozens of government agencies, warn that the hack is part of an ongoing intelligence operation, likely being carried out by Russia, the Trump administration formally said Tuesday.
The statement was the first from the administration to link what is called the SolarWinds hack to Russia since the attack was first discovered nearly a month ago. Senior officials, including Secretary of State Mike Pompeo, have previously said in media interviews that Russia is believed to be responsible. Moscow has denied involvement. President Trump has largely avoided speaking publicly about the attack, though on Twitter last month he said that China might be responsible. Officials have said there is no evidence linking the breaches to Beijing.
Investigators have said the hackers used a malicious update to widely used software provided by a Texas-based network-management company called SolarWinds Corp. to compromise U.S. government agencies and scores of private businesses across the globe. While investigators, including SolarWinds, continue to work to understand the scope and nature of the hack, they believe it stretches back at least to 2019. Addressing the damage—and ensuring the hackers have been booted out of federal networks—is likely to take months or years, officials and experts have said.
The joint statement, the public conclusion of four agencies in charge of intelligence and cybersecurity, was shared Tuesday by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA). It is the first formal statement of attribution from U.S. officials, and confirms previous comments by senior officials and lawmakers who said the evidence pointed “pretty clearly” to Moscow.
According to the statement from the intelligence and security agencies:
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and nongovernmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”
‘Serious compromise’
Evidence of the breach involving SolarWinds, a Texas-based software management company, first emerged in early December when the private cybersecurity firm FireEye announced its systems had been penetrated and that sensitive information had been stolen.
In the days that followed, the hack was traced to SolarWinds, with investigators warning that approximately 18,000 customers, including U.S. government agencies and companies around the world, had been affected.
Late last month, software giant Microsoft said the hackers even managed to use the breach to access some of the company’s heavily guarded source code — the basic programming essential to running Microsoft programs and operating systems.
But despite the huge number of SolarWinds customers affected by the hack, U.S. intelligence officials said Tuesday that “a much smaller number” were compromised by follow-on activities. “We have so far identified fewer than 10 U.S. government agencies that fall into this category and are working to identify the nongovernment entities who also may be impacted,” they said in the statement.
U.S. officials had previously said the hack had impacted the departments of Defense, State, Homeland Security, Energy, Treasury and Commerce, as well as state and local governments.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the FBI, CISA, ODNI and the NSA said in Tuesday’s statement, adding the agencies will “continue taking every necessary action to investigate, remediate and share information with our partners and the American people.”
Trump response
U.S. President Donald Trump has been largely silent on the SolarWinds hack, tweeting last month, “Everything is well under control,” while appearing to deflect blame from Moscow. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China,” Trump said.
In a tweet late Tuesday, the White House National Security Council said the president “continues to surge all appropriate resources to support the whole-of-government response to the recent cyber incident affecting government networks.”
Democratic Senator Mark Warner, the vice chair of the Senate Intelligence Committee, however, accused the Trump administration of dragging its feet.
“It’s unfortunate that it has taken over three weeks after the revelation of an intrusion this significant for this administration to finally issue a tentative attribution,” Warner said in a statement late Tuesday. “We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response.”