WASHINGTON — Federal officials issued an urgent warning on Thursday that hackers, who American intelligence agencies believed were working for the Kremlin, used a far wider variety of tools than previously known to penetrate government systems, calling the cyberoffensive “a grave risk to the federal government.”
The discovery suggests that the hacking, which now appears to have extended to the Energy Department agency that designs nuclear weapons and the federal agency that protects the nation’s power grid, vastly complicates the challenge for federal investigators as they search through computer networks trying to assess the damage and understand the scope of what had been stolen. A central question is whether the access could go beyond espionage, to destructive attacks.
Although the government warning made no specific reference to the origin of the hacking, intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency.
Minutes after the statement from the cybersecurity arm of the Department of Homeland Security, President-elect Joseph R. Biden Jr. issued a strong statement — especially in comparison with Mr. Trump, who has said nothing about the attacks. Mr. Biden warned that his administration would impose “substantial costs” on those responsible.
“A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Mr. Biden said, adding, “I will not stand idly by in the face of cyberassaults on our nation.”
The government warning, issued by the Cybersecurity and Infrastructure Security Agency, gave no details of the new pathways into government systems that it had detected. But it confirmed suspicions voiced this week by FireEye, a cybersecurity firm, that there were almost certainly other routes that the attackers had found to get into both the government and private networks on which the day-to-day business of the United States depends.
FireEye was the first to inform the government that the suspected Russian hackers had, since at least March, infected the periodic software updates issued by a company called SolarWinds, which makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.
Investigators and other officials say they believe the goal of the Russian attack was traditional espionage, the sort the National Security Agency and other agencies regularly conduct on foreign networks. But the extent and depth of the hacking raise concerns that hackers could ultimately use their access to shutter American systems, corrupt or destroy data, or take command of computer systems that run industrial processes. So far, though, there has been no evidence of that happening.
The alert was a clear sign of a new realization of urgency by the government. After playing down the episode — in addition to Mr. Trump’s silence, Secretary of State Mike Pompeo has deflected the hacking as one of the many daily attacks on the federal government, suggesting China was the biggest offender — the government’s new alert left no doubt the assessment had changed.
“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the alert said.
“It is likely that the adversary has additional initial access vectors and tactics, techniques and procedures,” which, it said, “have not yet been discovered.”
“Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,” the warning said. As a result, it could take months, investigators say, to unravel the extent to which American networks are compromised.
Officials say that with only one month left in its tenure, the Trump administration is planning to simply hand off what appears to be the biggest cybersecurity breach of federal networks in more than two decades.
Mr. Biden’s statement said he had instructed his transition team to learn as much as possible about “what appears to be a massive cybersecurity breach affecting potentially thousands of victims.”
“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Mr. Biden said, adding that he plans to impose “substantial costs on those responsible.”
The Cybersecurity and Infrastructure Security Agency’s warning came days after Microsoft, which produces Windows software and monitors the global network of computers that make use of Windows, took emergency action along with FireEye to cut off, using a so-called kill switch, the communication between the SolarWinds network management software and a command-and-control center that the Russians were using to send instructions to their malware.
That shut off further penetration. But it is of no help to organizations that have already been penetrated because the first software was corrupted in March. And the key line in the warning said that the SolarWinds “supply chain compromise is not the only initial infection vector” that was used to get into federal systems. That suggests other software, also used by the government, has been infected and used for access by foreign spies.
Across federal agencies, the private sector and the utility companies that oversee the power grid, forensic investigators were still trying to unravel the extent of the compromise. But security teams say the relief some felt that they did not use the compromised systems turned to panic on Thursday, as they learned other third-party applications may have been compromised.
Two security experts who work with utility companies said companies were shutting down third-party applications that have deep access to operational systems as a precaution and searching their code for signs of compromise. But to date, they said, it was not clear that grid operators had been compromised by the hackers.
In an interview this week, officials at FireEye said they believed the actual number of targets could be limited to “dozens” out of the 18,000 organizations that used the SolarWinds software. But after Thursday’s alert about other Russian entry points, security experts said they expect the number of victims to grow.
David E. Sanger reported from Washington, and Nicole Perlroth from Palo Alto, Calif.
Source: The NY Times