Monday, December 14, 2020

The greatest hack in history: Thank you, Donald Trump!

Before the election, Congress was briefed on foreign efforts to hack our election systems. The Trump administration prevented public discussion of these briefings. 
 
Now -- in what very well may be a related story -- we are getting a glimpse of Russian attempts to commandeer the systems at Treasury and Commerce.
 
"Treasury and Commerce?" I hear you asking. "How bad can that be?" 
 
It's worse than you think. It's worse than they're telling you.
 
The above-linked NYT article offers not-so-subtle hints that these initial reports give us just the tip of the proverbial iceberg. When Biden is president -- never thought I'd say "when," not "if"! -- we will, I hope, learn the full scope of this catastrophe.

Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.

The Trump administration said little in public about the hack, which suggested that while the government was worried about Russian intervention in the 2020 election, key agencies working for the administration — and unrelated to the election — were actually the subject of a sophisticated attack that they were unaware of until recent weeks.

I'll say it again: This goes way beyond Treasury and Commerce.

Hackers believed to be operating on behalf of a foreign government have breached software provider SolarWinds and then deployed a malware-laced update for its Orion software to infect the networks of multiple US companies and government networks, US security firm FireEye said today.

The Washington Post cited sources claiming that multiple other government agencies were also impacted.

Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House, a day earlier, on Saturday.

Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).

SolarWinds published a press release late on Sunday admitting to the breach of Orion, a software platform for centralized monitoring and management, usually employed in large networks to keep track of all IT resources, such as servers, workstations, mobiles, and IoT devices.

The software firm said that Orion update versions 2019.4 through 2020.2.1, released between March 2020 and June 2020, have been tainted with malware.

FireEye named this malware SUNBURST and published a technical report earlier today, along with detection rules on GitHub.

Microsoft named the malware Solorigate and added detection rules to its Defender antivirus.
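As an added illustration (not code from the post, from SolarWinds or from FireEye), here is a small defender-side scope check that takes an inventory of Orion hosts and flags any whose installed version falls inside the update range the report above gives, 2019.4 through 2020.2.1; the host names, sample versions and function names are assumptions.

```python
# Added example (not the post's, SolarWinds' or FireEye's code): a defender-side
# scope check against the Orion update range quoted in the post. Only the range
# (2019.4 through 2020.2.1) comes from the post; names and sample data are made up.

# Inclusive range of Orion update versions the post reports as tainted.
TAINTED_FROM = "2019.4"
TAINTED_TO = "2020.2.1"


def parse_version(version):
    """Turn a dotted version such as '2020.2.1' into a comparable tuple.

    Shorter strings are zero-padded so '2020.2' equals '2020.2.0'. Non-numeric
    input raises instead of being silently ignored: a scope check must not guess.
    """
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))


def is_in_tainted_range(version):
    """True if the installed Orion version lies inside the reported range."""
    return parse_version(TAINTED_FROM) <= parse_version(version) <= parse_version(TAINTED_TO)


def triage_inventory(inventory):
    """Map each host to 'in-scope', 'out-of-scope' or 'unknown'.

    'unknown' marks hosts whose version could not be parsed; those need a
    manual look, not a silent pass.
    """
    result = {}
    for host, version in inventory.items():
        try:
            result[host] = "in-scope" if is_in_tainted_range(version) else "out-of-scope"
        except ValueError:
            result[host] = "unknown"
    return result


# Constructed sample inventory: host names and versions are made up.
SAMPLE_INVENTORY = {
    "orion-poller-01": "2020.2.1",  # upper bound of the range: in scope
    "orion-poller-02": "2019.4",    # lower bound: in scope
    "orion-legacy": "2018.4",       # predates the tainted updates
    "orion-lab": "2020.2",          # zero-padded to 2020.2.0: in scope
    "orion-unknown": "n/a",         # unparseable: flagged for manual review
}
```

Hosts reported as in-scope are candidates for the FireEye and Microsoft detection rules mentioned above; an "unknown" result is a prompt to check the host by hand rather than a clean bill of health.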

Well, I'll run a scan. Not that my dinky little system matters.
 
Remember when Trump said he wanted to work with Russia on cyber security? 
 
The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

I hate updates.
 
The major point is this: SolarWinds services Spooksville. So don't tell yourself that the problem is contained purely within the Treasury and Commerce Departments. 

Moreover, the Commerce hack is far more significant than you may at first realize.

Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months, sources said.

NTIA = National Telecommunications and Information Administration, part of the Commerce Department. One cannot easily overstate the importance of this agency to the running of the internet -- and I mean the entire damned internet -- as well as supervising the radio frequency spectrum and the great transition to 5G. Skim this page and you'll soon see what I mean. 
 
As I said: This is big. This is massive.

From the afore-linked FireEye site: 

Based on our analysis, the attacks that we believe have been conducted as part of this campaign share certain common elements:

  • Use of malicious SolarWinds update: Inserting malicious code into legitimate software updates for the Orion software that allow an attacker remote access into the victim’s environment
  • Light malware footprint: Using limited malware to accomplish the mission while avoiding detection
  • Prioritization of stealth: Going to significant lengths to observe and blend into normal network activity
  • High OPSEC: Patiently conducting reconnaissance, consistently covering their tracks, and using difficult-to-attribute tools

The obvious question: Did anyone associated with the Trump administration aid and abet this attack? My gut instinct holds that this unprecedented assault on our security required a blind eye from our Putin-loving president. We need a full investigation of this scandal -- by a Democrat. Mueller proved that no Republican is trustworthy.
 
Here's what Marcy Wheeler -- or Dr. Emptywheel as she now styles herself -- has to say about all this.

Under Trump's watch, we've just suffered what could be a very serious cyberattack from the country he has been coddling since he got elected.

Rather than doing anything about that, he's whining that he lost.

Admittedly, he has been doing this in slo mo throughout the entire COVID crisis.

But this is a moment where the country that Trump tried to excuse after the last big hack has just seriously compromised the US.

He's doing worse than golfing.

Trump JUST PARDONED the guy who undermined sanctions on Russia the last time they hacked up badly.

Now, he's AWOL. Literally couldn't give a shit.

I mean NO WONDER Russia just hacked us again. The last time they did, Trump dismantled FBI to protect Flynn. Literally fired EVERYONE involved.

And I mean, literally. Trump went into FBI and DOJ and made sure that everyone with specific expertise in fighting Russia was chased out of there.

Welp, Mr. President. They just pwned Treasury. And you not just own that, you invited that.

John Ratcliffe, a totally unqualified hack, is head of intelligence. He's there not bc he's qualified, but bc Trump wants help claiming Russia didn't help elect him.

Ratcliffe, hired to cover up for Russia, oversaw Russia pwning key US agencies.

Oh nothing to worry about.

solarwinds.com/federal-govern…

TFW one of my most dedicated Trump trolls admits the RU hack happened after Trump dismantled the RU-specific expertise against Russia.

Here's Mike Flynn suggesting to the FBI that the appropriate punishment for Russia for tampering in our elections was to PNG (kick out) one suspected Russian spy.

courtlistener.com/recap/gov.usco…

Here's Trump pardoning the guy who suggested an appropriate response for Russia attacking the US was to throw out one spy.

courtlistener.com/recap/gov.usco…

GUESS WHAT?!?!?

In the face of Trump's abject capitulation to Russia on hacking, they doubled down!!!
A left-wing conspiracy theory has sprung up suggesting that Donald Trump could use this hack as an excuse to impose martial law. Although that's a Democratic fear-fantasy, something like this very idea was mooted by none other than Lin Wood...

So...no to a military coup. But yes on martial law. Interesting distinction, Lin. 
 
Of course, Linnikins wants us to believe that the real problem is China, not Russia. 
 
Sure it is, Lin. Surrrrrrrrrre.

2 comments:

Anonymous said...

Joe - As stated, Orion is used throughout the DoD as the go-to network monitoring tool both in classified and unclassified environments. This certainly could go way way beyond the civil agencies.

fred said...

The Chinese are ramping up their war against Australia. They installed electronic spying in PNG, are spending $200m on a fish processing plant (where there's no fish) just 200kms from our mainland, and are now banning our coal exports to China. They are our enemy, a predator nation. Let's hope the US gets its Pacific defence alliances back in shape post-Trump.