Veterans Affairs officials canceled the briefing on SolarWinds hack


VA Secretary Robert Wilkie testified during the March 27, 2019, hearing before the House Appropriations subcommittee in Washington, D.C.
Photo: Alex Wong (Getty Images)

Senior officials from the Veterans Affairs Department abruptly canceled a scheduled briefing with congressional leaders this week on the extent and impact of the SolarWinds cyberattack, in which a select team of Russian hackers approved by Moscow allegedly infiltrated the networks of many agencies and powerful corporations.

Democratic lawmakers say the VA has not yet given any explanation for its decision not to notify House and Senate oversight leaders as to whether any veterans' sensitive information could have been tampered with in the attack, and at least one U.S. senator is publicly asking the agency's head for answers. This week, VA officials told reporters that there are currently no indications that hackers took advantage of the backdoor in their network, which was inadvertently installed by about 18,000 SolarWinds customers this year.

In a letter to Secretary of Veterans Affairs Robert Wilkie on Wednesday, Sen. Richard Blumenthal, a Democrat from Connecticut, said the department is “particularly vulnerable” to the consequences of the breach, noting the large amount of veterans’ private data it holds. He said it is not clear what steps Wilkie has taken to assess the risk to retired members of the U.S. combat forces.

“I would like to warn the VA of the impending danger and urgently request a review of the impact of this incident and what steps are being taken to ensure the resilience and privacy of the VA mission,” Blumenthal wrote. “This hack threatens to raise existing privacy concerns and threatens to enable hackers to ‘share and sell personal information.’”

Veterans are considered at high risk for identity theft due to long-term government practices such as using Social Security numbers as the primary identifier for service members. People also rely heavily on a document called DD Form 214 to show proof of their service. Blumenthal notes “essential reliance” on the document – copies of which the VA maintains digitally – as a particular vulnerability.

Wilkie is not obligated to answer Blumenthal’s questions, which include what precautions have been taken to separate the PTE health records from other systems and whether the VA has completed a forensic investigation of its cloud resources. The Trump administration has traditionally ignored most of the inquiries made by congressional Democrats in the minority.

The VA, one of the largest federal SolarWinds customers, could not be reached immediately for comment. A VA spokesperson told CyberScoop on Wednesday that the agency uninstalled SolarWinds’ network monitoring software “with great caution” and said “there are currently no signs of exploitation.”

Removing an infected copy of the SolarWinds platform will not guarantee that the alleged Russian hackers no longer have a foothold in the network.

According to CyberScoop, other agencies have also been less than forthcoming about the breach. In another letter this week, Sen. Bob Menendez, a Democrat from New Jersey, said the U.S. State Department is “silent about whether its computers, communications and information technology systems have been compromised.”

The SolarWinds attack represents the most daring infiltration of a government network by a state actor since at least the 2015 Office of Personnel Management breach, in which Chinese hackers accessed the personnel files and background checks of millions of federal employees. The Departments of State, Commerce, Treasury and Homeland Security, as well as the National Institutes of Health, are on the list of SolarWinds victims.

Experts say the Russian hacking group APT29, also known as Cozy Bear, infiltrated the Texas-based software company SolarWinds in early 2019, compromising a copy of the Orion platform, a network management tool used by dozens of federal agencies and more than three-quarters of the corporations on the revenue-based Fortune 500 list.

Experts usually associate Cozy Bear, which is credited with attacks on the Pentagon’s email system in 2015 and the Democratic National Committee in 2016, with the Russian foreign intelligence service, the successor of the KGB.

The malware deployed on the Orion platform, known as Teardrop, was very sophisticated and, according to experts, in addition to stealing users’ credentials and monitoring their keystrokes, enabled Cozy Bear to pass off its activities across infected networks as those of IT employees.