NewsNation

Suspected ‘ongoing’ Russian hacking spree reached into federal agencies

WASHINGTON (NewsNation Now) — U.S. authorities expressed increased alarm Thursday about an intrusion into computer systems around the globe that officials suspect was carried out by Russian hackers, with the nation’s civilian cybersecurity agency warning that it poses a “grave” risk to government and private networks.

The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet that the intrusion has compromised government agencies as well as “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo.


So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security, Commerce and Energy. National security functions of the National Nuclear Security Administration (NNSA) were not impacted, the Department of Energy said in a statement Thursday.

“The Department of Energy is responding to a cyber incident related to the Solar Winds compromise in coordination with our federal and industry partners,” the Department of Energy spokeswoman Shaylyn Hynes said. “At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA). When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

CISA has not confirmed which agencies were breached or what information taken in an attack that it previously said appeared to have begun in March. Sens. Jim Inhofe (R-Okla.) and Jack Reed (D-R.I.), chairman and ranking member of the Senate Armed Services Committee called it a “significant, sophisticated, and ongoing cybersecurity intrusion,” in a statement released Thursday evening.

“There is still much we don’t know about the massive cyber hack that breached U.S. cyber defenses, including federal agencies and major private sector companies. But we do know the cyber intrusion appears to be ongoing and has the hallmarks of a Russian intelligence operation. The U.S. government must do everything possible to counter it,” Sens. Inhofe and Reed said in a joint statement.

Microsoft said it detected a malicious version of software from SolarWinds inside the company but that its investigation so far showed no evidence hackers had used Microsoft systems to attack customers.

Reuters reports FBI and other agencies have scheduled a classified briefing for members of Congress Friday.

“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the agency said in an unusual alert. “CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.”

The hack, if authorities can indeed prove it was carried out by a nation such as Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.

Trump, whose administration has been criticized for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.

President-elect Joe Biden said he would make cybersecurity a top priority of his administration, but that stronger defenses are not enough.

“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

The agency previously said that the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods as well.

Over the weekend, amid reports that the Treasury and Commerce departments were breached, CISA directed all civilian agencies of the federal government to remove SolarWinds from their servers. The cybersecurity agencies of Britain and Ireland issued similar alerts.

A U.S. official previously told The Associated Press that Russia-based hackers are suspected, but neither CISA nor the FBI has publicly said who is believed be responsible. Asked whether Russia was behind the attack, the official said: “We believe so. We haven’t said that publicly yet because it isn’t 100% confirmed.”

Another U.S. official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, said the hack was severe and extremely damaging although the administration was not yet ready to publicly blame anyone for it.

“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”

The official said the administration is working on the assumption that most, if not all, government agencies were compromised but the extent of the damage was not yet known.

The intentions of the perpetrators appear to be espionage and gathering valuable information rather than destruction, according to security experts and former government officials. If so, they are now remarkably well situated.

Members of Congress said they feared that taxpayers’ personal information could have been exposed because the IRS is part of Treasury, which used SolarWinds software.

Tom Kellermann, cybersecurity strategy chief of the software company VMware, said the hackers are now “omniscient to the operations” of federal agencies they’ve infiltrated “and there is viable concern that they might leverage destructive attacks within these agencies” in reaction to U.S. response.

CISA officials did not respond to questions and so it was unclear what it meant by a “grave threat” or by critical infrastructure. The Department of Homeland Security, its parent agency, defines such infrastructure as any “vital” assets to the U.S. or its economy, a broad category that could include power plants and financial institutions.

Among the business sectors scrambling to protect their systems and assess potential theft of information are defense contractors, technology companies and providers of telecommunications and the electric grid.

A group led by CEOs in the electric power industry said it held a “situational awareness call” earlier this week to help electric companies and public power utilities identify whether the compromise posed a threat to their networks.

And dozens of smaller institutions that seemed to have little data of interest to foreign spies were nonetheless forced to respond to the hack.

The Helix Water District, which provides drinking water to the suburbs of San Diego, California, said it provided a patch to its SolarWinds software after it got an advisory the IT company sent out about the hack to about 33,000 customers Sunday.

“While we do utilize SolarWinds, we are not aware of any district impacts from the security breach,” said Michelle Curtis, a spokesperson for the water district.

The Associated Press and Reuters contributed to this report. Reporting by Ben Fox/AP, Joseph Menn/Reuters