• Monday, Oct 18, 2021
  • Last Update : 04:53 pm

Cyberattack on US govt poses grave risk

  • Published at 04:21 pm December 18th, 2020
Cyber Security Hacking
File photo: A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017 Reuters

'We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place'

A sophisticated cyberattack on US government agencies and private companies that was revealed this week poses a "grave risk" and thwarting it will be "highly complex," the US computer security agency said on Thursday. 

President-elect Joe Biden expressed "great concern" over the computer breach while Utah Senator Mitt Romney blamed Russia and slammed what he called "inexcusable silence" from the White House.

The US Cybersecurity and Infrastructure Security Agency (CISA) said, US government agencies, critical infrastructure entities, and private sector organizations had been targeted by what it called an "advanced persistent threat actor."

CISA did not identify who was behind the malware attack but private security companies pointed a finger at hackers linked to the Russian government.

US Secretary of State Mike Pompeo also suggested involvement by Moscow on Monday, saying the Russian government had made repeated attempts to breach US government networks.

Romney likened the cyberattack to as if "Russian bombers have been repeatedly flying undetected over our entire country."

He said it highlighted "alarming US vulnerability" plus "cyber warfare weakness" and "glaringly inadequate cyber defences."

The 2012 Republican presidential candidate condemned what he called "inexcusable silence and inaction from the White House" of President Donald Trump.

CISA said the computer intrusions began in at least March 2020 and the actor behind them had "demonstrated patience, operational security and complex tradecraft."

"This threat poses a grave risk," CISA said in a statement, adding that it "expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."

Biden, who is to be sworn in as president on January 20, said the breach affected "potentially thousands of victims, including US companies and federal government entities."

"My administration will make cybersecurity a top priority at every level of government -- and we will make dealing with this breach a top priority," he said in a statement.

"We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place," Biden said. "We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks.

FBI investigating

According to CISA, the attackers managed to breach computer networks using enterprise management network software made by the Texas-based IT company SolarWinds.

"CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated," CISA said. 

Hackers reportedly installed malware on software used by the US Treasury Department and the Commerce Department, allowing them to view internal email traffic. 

SolarWinds said up to 18,000 customers, including government agencies and Fortune 500 companies, had downloaded compromised software updates, allowing hackers to spy on email exchanges.

After the attack was detected, CISA ordered federal agencies to power down the breached software.

The content the hackers sought to steal -- and how successful they were -- remains unknown.

The FBI has opened an investigation to identify those responsible for the hack and emergency discussions have been held at the White House to discuss the government's response.

US National Security Advisor Robert O'Brien cut short a trip to the Middle East and Europe this week to deal with the fallout from the breach.

66
Facebook 65
blogger sharing button blogger
buffer sharing button buffer
diaspora sharing button diaspora
digg sharing button digg
douban sharing button douban
email sharing button email
evernote sharing button evernote
flipboard sharing button flipboard
pocket sharing button getpocket
github sharing button github
gmail sharing button gmail
googlebookmarks sharing button googlebookmarks
hackernews sharing button hackernews
instapaper sharing button instapaper
line sharing button line
linkedin sharing button linkedin
livejournal sharing button livejournal
mailru sharing button mailru
medium sharing button medium
meneame sharing button meneame
messenger sharing button messenger
odnoklassniki sharing button odnoklassniki
pinterest sharing button pinterest
print sharing button print
qzone sharing button qzone
reddit sharing button reddit
refind sharing button refind
renren sharing button renren
skype sharing button skype
snapchat sharing button snapchat
surfingbird sharing button surfingbird
telegram sharing button telegram
tumblr sharing button tumblr
twitter sharing button twitter
vk sharing button vk
wechat sharing button wechat
weibo sharing button weibo
whatsapp sharing button whatsapp
wordpress sharing button wordpress
xing sharing button xing
yahoomail sharing button yahoomail