Hackers linked to Russia attacked the US nuclear agency and 3 states; Microsoft breached

SAN FRANCISCO (BLOOMBERG, REUTERS) – The United States nuclear weapons agency and at least three states were hacked as part of an alleged Russian cyberattack that affected various agencies of the federal government.

Microsoft Corp was also breached, and its products were used to carry out further attacks against others, Reuters reported.

The Redmond, Washington-based company said it detected a malicious version of SolarWinds software within its own network, but its investigation so far has found no evidence that hackers used Microsoft systems to attack customers.

Microsoft is a user of Orion, SolarWinds Corp’s widely deployed network management software, which was exploited in the suspected Russian attacks on US and other agencies.

The hackers also leveraged Microsoft’s own products to target further victims, people familiar with the matter said.

The US National Security Agency issued a rare “cybersecurity advisory” on Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” said a Microsoft spokesperson, adding that the company had found “no indications that our systems were used to attack others.”

One of the people familiar with the hacking wave said hackers made use of Microsoft’s cloud offerings and bypassed Microsoft’s corporate infrastructure. Microsoft did not immediately respond to questions about the technique.

Still, another person familiar with the matter said the Department of Homeland Security (DHS) does not believe Microsoft was a key avenue for new infections.

Both Microsoft and DHS, which on Thursday said hackers used multiple entry methods, are continuing to investigate.

The FBI and other agencies have scheduled a classified briefing for members of Congress on Friday.

The Department of Energy and its National Nuclear Security Administration, which maintains America’s nuclear stockpile, were targeted as part of the larger attack, according to a person familiar with the matter.

An ongoing investigation has found that the attack did not affect “mission-critical national security functions,” said Shaylyn Hynes, a spokeswoman for the Department of Energy, in a statement.

“At this point, the investigation has found that the malware has been isolated only on commercial networks,” Hynes said. The attack on the nuclear agency was previously reported by Politico.

Additionally, two people familiar with the broader government investigation into the attack said three states were breached, though they did not identify the states. A third person familiar with the investigation confirmed that states were hacked, but did not provide a number.

In an advisory Thursday that signaled growing alarm over the breach, the Cybersecurity and Infrastructure Security Agency said the hackers posed a “grave risk” to federal, state, and local governments, as well as to critical infrastructure and the private sector.

The agency said the attackers demonstrated “sophistication and complex tradecraft.”

While President Donald Trump has yet to publicly address the attack, President-elect Joe Biden issued a statement Thursday on “what appears to be a massive cybersecurity breach potentially affecting thousands of victims, including US businesses and federal government entities.”

Biden’s promise

“I want to be clear: my administration will make cybersecurity a top priority at all levels of government, and we will make dealing with this breach a top priority from the moment we take office,” Biden said, pledging to impose “substantial costs on those responsible for such malicious attacks.”

Russia has denied any involvement in the attack. Microsoft spokesman Frank Shaw did not immediately respond to a request for comment.

Hynes, the Department of Energy spokeswoman, said that immediate efforts were made to mitigate the risk of the hack, including disconnecting software “identified as vulnerable to this attack.”

Although many details are still unclear, the hackers are believed to have gained access to networks by planting malicious code in a widely used software program from SolarWinds Corp, whose clients include government agencies and Fortune 500 companies, according to the company and cybersecurity experts.

The departments of Homeland Security, Treasury, Commerce and State were also breached, according to a person familiar with the matter.

“This is a patient, well-resourced, and focused adversary” that has maintained a long-standing presence in victim networks, the cybersecurity agency said in its advisory.

The Department of Homeland Security said in a bulletin Thursday that the spies had used techniques beyond corrupting updates to SolarWinds’ network management software, which is used by hundreds of thousands of businesses and government agencies.

“The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor exploited,” said DHS’ Cybersecurity and Infrastructure Security Agency, using the term for an “advanced persistent threat” adversary.

CISA urged investigators not to assume that their organizations were secure simply because they were not running the recent versions of the SolarWinds software, and also noted that the hackers did not exploit every network they gained access to.

CISA said it continues to analyze the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the US Defense, State, Treasury, Homeland Security and Commerce departments.

Up to 18,000 Orion customers downloaded the updates that contained a backdoor. Since the campaign was discovered, software companies have cut off communication between those backdoors and the computers controlled by the hackers.

But the attackers could have installed additional ways to maintain access in what some have called the biggest hack in a decade.

For that reason, officials said security teams must communicate through separate, trusted channels to ensure their own detection and remediation efforts are not being monitored by the attackers.

The Department of Justice, the FBI and the Department of Defense, among others, have moved routine communications to classified networks that are not believed to have been breached, according to two people briefed on the measures. They assume that unclassified networks have been accessed.

CISA and private companies, including FireEye, which was the first to discover and disclose that it had been hacked, have released a series of indicators that organizations can search for to determine whether they have been compromised.

But the attackers were very careful and deleted logs, the electronic fingerprints that would show which files they accessed. That makes it difficult to know what has been taken.

Some major companies have issued carefully worded statements saying they “have no evidence” that they were penetrated, but in some cases that may be because the evidence was erased.

On most networks, the attackers could also have created fake data, but so far it appears they were only interested in obtaining real data, people tracking the probes said.

Meanwhile, members of Congress are demanding more information about what could have been taken and how, along with who was behind it. The Homeland Security Committee and the House Oversight Committee announced an investigation Thursday, while senators pressed to find out whether individual tax information was obtained.