The cyber Pearl Harbor that has penetrated America’s most important government agencies
Or go to the TruNews story HERE
The cover story seems to be that the Russians (once again) were behind the hack. Excuse me if I join TruNews in my scepticism.
A widespread hack of software giant SolarWinds was found by cybersecurity firm FireEye as it investigated how its own systems were infiltrated in the same campaign—which is suspected of being the work of Russia.
Officials from California-based FireEye's incident response division, known as Mandiant, confirmed on Monday that its teams were first to raise the alarm to SolarWinds and U.S. law enforcement after discovering the far-reaching security compromise.
"We looked through 50,000 lines of source code, which we were able to determine there was a backdoor within SolarWinds," Charles Carmakal, senior vice president and chief technical officer at Mandiant, told Bloomberg.
The National Security Agency (NSA) was apparently not aware until alerted by FireEye, The New York Times reported. The agency was listed as a SolarWinds customer.
"If this actor didn't hit FireEye, there is a chance that this campaign could have gone on for much, much longer. One silver lining is that we learned so much about how this threat actor works and shared it with our [partners]," Carmakal said.
The fallout from the cyber-intrusion grew late on Monday as it was acknowledged that a slew of powerful agencies had possibly been hit, including the Department of Homeland Security (DHS), the State Department, Commerce, Treasury and the Pentagon.
Multiple sources said to be familiar with the investigation told Reuters on Monday that Russia was believed to be responsible for the cyberattack. Bloomberg reported the FBI was probing if a Russian hacking unit called APT29, or Cozy Bear, was involved in the FireEye attack, but the cybersecurity company has not confirmed any attribution.
Investigations will continue to understand the full extent of the hack, which was able to abuse an alleged vulnerability in a SolarWinds monitoring platform called "Orion." It has been suspected that the motivation behind the compromise was cyber-espionage.
According to a now-removed customer page on its website, SolarWinds software was used by more than 425 firms on the Fortune 500, all branches of the U.S. military, the Centers for Disease Control and Prevention (CDC), all of the top-10 American telecom companies, the Department of Justice, the Office of the President, NASA, NOAA, the Postal Service and "hundreds of universities" and colleges globally.
But SolarWinds said in an advisory the incident appeared to be an "extremely targeted and manually executed attack, as opposed to a broad, system-wide attack." It is not known which of the Texas-based software firm's clients were breached.
The firm's client base tops 300,000. Approximately 18,000 are believed to have been potentially compromised in the nation-state cyberattack, SolarWinds said.
The attack was a "supply chain attack" that pushed booby-trapped software updates to SolarWinds customers in order to distribute a type of malware called Sunburst, FireEye said in a blog post on Monday, stressing that the incident is ongoing.
"The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East. We anticipate there are additional victims in other countries," the company added, warning those responsible are highly-skilled and their malware could have been used for "data theft."
In a statement this week, a SolarWinds spokesperson said compromised Orion updates are believed to have been released between March and June this year.
FireEye did not release names of suspected victims. Russia's U.S. embassy rejected the allegations of state hacking in a statement posted to its Facebook account on Sunday, saying the claims were "unfounded" and that it does not engage in cyberattacks.
PENTAGON ORDERS EMERGENCY SHUTDOWN OF "SIPR" Defense Computer Network
15 December, 2020
The Pentagon has imposed an emergency shutdown of its Secret Internet Protocol Router (SIPR) Network, which handles classified information up to the secret level!
The Pentagon on Tuesday ordered the emergency shutdown of a classified internal communications network, three Defense Department sources confirm.
The unprecedented daytime shutdown comes amid recent revelations that other federal agencies, including the Department of Homeland Security, were breached by hackers.
The Defense Department alerted employees that the SIPRNET system was being shut down in the late morning for emergency software updates, the sources told Just the News.
The Pentagon did not immediately return a request for comment, including one on whether the shutdown was related to the hacking reported Sunday, allegedly by Russian agents.
The system, known as the Secret Internet Protocol Router Network, handles classified information, up to the secret level, and was shuttered for several hours.
"This has never happened in the middle of a work day," one Pentagon official said. "Updates usually are done on weekends and after hours late at night. This was done on an emergency basis."
The shutdown applied only to computers handling the classified