SolarWinds hack: U.S. officials scramble to deal with suspected Russian hack of government agencies


A meeting of the U.S. Emergency Cyber Response Group is scheduled for Monday afternoon to discuss the government breaches, a senior administration official said. U.S. officials believe a Russian-linked entity or Russian individuals were responsible for the attack, but have not yet determined the position at which the actors are responsible, the official added.

Confirming Monday’s Emergency Cyber Response Group meeting, another administration official said, “We have control over who is behind the breach.” “But forensics like this take time to flourish, unless they’re lazy about it.”

Preliminary statements issued by technology company SolarWinds, whose systems were breached by the hackers, indicate that the operation was sophisticated and “highly targeted”, meaning it will take some time to formally hold the perpetrators accountable.

But in the meantime, top U.S. officials, including Secretary of State Mike Pompeo, have not hesitated to signal Russia’s involvement.

Asked about the hack on Monday, Pompeo cited persistent Russian efforts to breach servers involving American government agencies and businesses, but gave no additional details.

“I was constantly trying to get American servers through the Russians, but it was not just government agencies but industries as well,” Pompeo said in an interview with Breitbart News Radio.

The Russian embassy in Washington, D.C., on the other hand, has strongly denied any involvement in the hack, which was first reported by Reuters on Sunday, saying in a statement: Attacks U.S. government institutions. “

Linked to a previous breach?

But despite the embassy claiming that “Russia does not act aggressively in the cyber domain,” Moscow has been linked to several recent breaches, including a hack of FireEye last week, an attack that compromised its so-called “Red Team” tools, which are used to protect customers, including government customers.

In two blog posts on Sunday, the cybersecurity firm directly linked the SolarWinds vulnerability to the breach it had itself declared, which was carried out by a Russian-affiliated group known as APT29, a source familiar with the matter told CNN.

FireEye described a “global intrusion campaign” that takes advantage of critical shortcomings in a network monitoring product sold by IT network management company SolarWinds. The second blog post said the victims included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East, and that the company assumed there were additional victims in other countries and places.

A source familiar with the attacks, both reported by FireEye on Sunday, told CNN: “It’s all relevant.”

“It is extremely difficult to detect and defend against such attacks in real time, taking advantage of a trusting relationship,” he said, adding that while the Commerce and Treasury departments are the victims identified so far, there are no doubt more.

The U.S. Department of Commerce confirmed on Sunday that it had suffered a data breach in an attack believed to be linked to Russia.

“We can confirm that there is a breach in one of our bureaus,” the Commerce Department said in a statement to CNN. “We have asked the CISA and the FBI to investigate, and we cannot comment further at this time.”

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also confirmed the data security incident, telling CNN in a statement: “We are working with our agency partners on the recent activity on the government network.”

The statement further said that CISA provides technical assistance to the affected companies as they work to identify and mitigate any potential compromises.

CISA issued a directive late Sunday stating that the compromise of tech company SolarWinds posed “unacceptable risks to the security of the federal network,” said CISA executive director Brandon Wales.

SolarWinds Orion products are used by a number of federal civilian agencies for network management, and CISA is urging agencies to review their networks for any possible signs of data breaches. This is only the fifth emergency directive since 2015, when CISA was enacted by Congress under the Cybersecurity Act.

SolarWinds said in a statement Sunday night that its systems had been breached “by a foreign state and was intended to be a narrow, highly targeted and manually executed attack in protest of a comprehensive, system-wide attack.”

‘Massive national security failure’

On Monday, the technology company said it believes “less than 18,000” customers could have been affected by the software vulnerability.

In a new financial filing, SolarWinds said that out of a total of 300,000 customers, the company “considers the actual number of customers who would have established Orion products in which this vulnerability is less than 18,000.”

The company added that it has released a software update that will address the flaws, and that another software update, to be provided by December 15, “more addresses” the security gap.

Microsoft also responded to the hack overnight in a blog post, telling customers it had updated its anti-spyware program to detect the SolarWinds vulnerabilities.

“We believe this national-state activity is significant, aimed at both the government and the private sector … We also want to assure our customers that we did not identify any of Microsoft’s product or cloud service vulnerabilities in this investigation,” Microsoft said.

Senator Ron Wyden, a Democrat from Oregon who serves on the Senate Intelligence Committee, warned Monday that the damage caused by the breach could be “significantly greater than is currently known.”

“If the reports are true and state-sponsored hackers have successfully hacked software from a federal lever into a number of federal government systems, our country is facing a major national security failure, which could wreak havoc in the coming years,” he told CNN. “I am pushing the government for more information about the full scope of this breach and the agencies’ steps to prevent it. I fear the damage is more significant than is currently known.”

“I have warned for years that the government is falling short on the fundamentals of the security of federal systems, and this breach unfortunately proves me right. To begin with, this high-stakes practice of allowing agencies to install high-risk software on the government There is a time without systems subjecting it to a full security review,” Wyden added.