CISA Warns Foreign Cyberhack Much Larger Than Reported
By Marisa Herman | Thursday, 17 December 2020 03:43 PM
A foreign hack of the U.S. government is even bigger than originally thought, according to the Cybersecurity and Infrastructure Security Agency.
The Washington Examiner reports the agency shared that the hackers gained covert backdoor access in more ways than the publicly known corruption of the SolarWinds software update.
“One of the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products. CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” CISA wrote on Thursday, noting that “the SolarWinds Orion supply chain compromise is not the only initial infection vector this advanced persistent threat actor leveraged.”
It also warned that “this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
CISA said that the foreign hackers compromised “U.S. government agencies, critical infrastructure entities, and private sector organizations” beginning “at least” in March and that the cyber actors “demonstrated patience, operational security, and complex tradecraft in these intrusions.”
The federal security agency added that it “expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations” and that “it is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures that have not yet been discovered.”
Just before midnight on Sunday, CISA issued a directive ordering all federal agencies to remove potentially compromised servers from their networks after discovering that at minimum the Treasury and Commerce departments were victims of a months-long cyber campaign. The Washington Examiner reports that many believe Russia is behind the attack. The Department of Homeland Security, the State Department, and the National Institutes of Health are also believed to be victims.
On Sunday night, SolarWinds said its systems had been compromised by hackers who infiltrated the company's Orion software updates in order to distribute malware to its customers' computers. The U.S. network-management company said roughly 18,000 of its customers were affected.
According to The Wall Street Journal, Republican Sen. Chuck Grassley and Democrat Sen. Ron Wyden sent a letter to IRS Commissioner Charles Rettig on Thursday requesting a briefing.
“Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans’ privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” they wrote.
The FBI, CISA, and the Office of the Director of National Intelligence released a joint statement on Wednesday stating the “cybersecurity campaign” was “significant and ongoing.” The groups established a Cyber Unified Coordination Group to respond to the crisis and warned that “while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.”