BELOW SUPERNAV drop zone ⇩

Austin-based SolarWinds at center of massive US government hack

FILE – The U.S. Treasury Department building viewed from the Washington Monument, Wednesday, Sept. 18, 2019, in Washington. Hackers got into computers at the U.S. Treasury Department and possibly other federal agencies, touching off a government response involving the National Security Council. Security Council spokesperson John Ullyot said Sunday, Dec. 13, 2020 that the government is aware of reports about the hacks. (AP Photo/Patrick Semansky, file)

MAIN AREA TOP drop zone ⇩

MAIN AREA TOP drop zone ⇩

ovp test

mLife Diagnostics LLC: Oral Fluid Drug Testing

Male shot by female at Shreveport apartment

Class to create biodiverse backyard

Rules for outbursts at Caddo School Board Meeting

AUTO TEST CUSTOM HTML 20241114185800

AUTO TEST CUSTOM HTML 20241115200405

AUTO TEST CUSTOM HTML 20241118165728

AUTO TEST CUSTOM HTML 20241118184948

WASHINGTON (KXAN) — Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign. They accessed those networks by slipping malware into a SolarWinds software update, according to the global cybersecurity firm FireEye, which was also compromised.

The first phases of this monthslong cyberespionage campaign started in the spring. The malware gave the hackers remote access to victims’ networks.

The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies. Industry experts said it bore the hallmarks of Russian tradecraft.

“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.

The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye’s customers include federal, state and local governments and top global corporations.

SolarWinds emailed its customers warning about the hack and recommending they upgrade immediately.

How and why hackers targeted SolarWinds

The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.

SolarWinds is headquarted in Austin with offices off of Southwest Parkway in Southwest Austin.

FireEye, without naming the breached agencies or other targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into a SolarWinds software update.

The malware gave the hackers remote access to victims’ networks.

Get fact-based, unbiased news coverage 24/7 with the NewsNation app. Download it here.

SolarWinds CEO reacts to the hack

SolarWinds said the “potential vulnerability” was related to updates released between March and June for software that helps organizations monitor their online networks for problems.

“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.

The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch.

FireEye said it had notified “multiple organizations” globally where it saw indications of compromise. It said that the hacks did not seed self-propagating malware — like the 2016 NotPetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”

The U.S. government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.

National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”

Who are the SolarWinds customers who might be affected?

On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the U.S. military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House. It says the 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also among customers.

The government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises.”

President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.

The latest coronavirus headlines.

In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time,” adding that he believed that its impact was only beginning to be understood.

Federal government agencies have long been attractive targets for foreign hackers.

Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation.

Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding internet and telecommunications policy.

The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment.

“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” former NSA hacker Jake Williams said.

___

Krisher reported from Detroit and Bajak reported from Boston. Associated Press writer Matt O’Brien contributed to this report from Providence, Rhode Island.

Southwest

Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed

Site Settings Survey

 

MAIN AREA MIDDLE drop zone ⇩

Trending on NewsNation

AUTO TEST CUSTOM HTML 20241119133138

MAIN AREA BOTTOM drop zone ⇩

tt

KC Chiefs parade shooting: 1 dead, 21 shot including 9 kids | Morning in America

Witness of Chiefs parade shooting describes suspect | Banfield

Kansas City Chiefs parade shooting: Mom of 2 dead, over 20 shot | Banfield

WWE star Ashley Massaro 'threatened' by board to keep quiet about alleged rape: Friend | Banfield

Friend of WWE star: Ashley Massaro 'spent hours' sobbing after alleged rape | Banfield

Mist

la

58°F Mist Feels like 58°
Wind
5 mph SSW
Humidity
92%
Sunrise
Sunset

Tonight

Cloudy skies. Low 52F. Winds light and variable.
52°F Cloudy skies. Low 52F. Winds light and variable.
Wind
5 mph W
Precip
7%
Sunset
Moon Phase
Waning Crescent