The Washington Post, citing U.S. officials and other sources who did not want to be named, reported that the White House has confirmed that the report of a foreign government's network attack on the U.S. Treasury Department is true. The U.S. Department of Homeland Security, the State Department and a health research institute are on the list of known victims of a month-long network espionage operation by Russian hackers. The cost of the operation is not clear, and estimates range very widely. In addition to the Treasury and Commerce departments, the victims are expected to include more federal agencies and private companies, which are still under investigation.
Russian network management software maker SolarWinds said in a federal securities filing on Monday that no more than 18,000 customers (a fraction of its more than 300,000 worldwide, including the Pentagon and the White House) could be affected. The Russian government has denied any role in the intrusion. The federal agency charged with protecting the country from physical and cyber attacks was also hit, underscoring questions about the adequacy of federal cybersecurity efforts.
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Directorate (CISA) has asked Americans or any individuals who know about the breach to come forward with more information. CISA has also instructed all federal agencies in the US to immediately cut off connections to SolarWinds products and report that they have done so. Alexei Woltornist, a spokesman for the Department of Homeland Security, said: “We are aware of reports of violations and are investigating the matter.” Reuters was the first to report that the U.S. Department of Homeland Security had been hacked.
Russia’s foreign intelligence service (SVR) is thought to have been involved in the hacking, which has been going on since at least the spring and used a so-called supply chain attack: the regular software patches that SolarWinds, a network management tool, sends to systems. Experts in the US said the nature of the hack showed the attackers were focused on high-value targets. “It’s not about the quantity, it’s about the quality of the target,” said John Hultquist, analytics manager at US-based cyber security consultancy FireEye. FireEye was also hacked and, through its own investigation, found that SolarWinds had been targeted.
John Hultquist added: “SolarWinds is clearly the door that the hackers can get through, and we’re trying to close that door, but they’re still in there. There are a lot of IT security teams that are probably going to be very busy over the Christmas period because they have to sort this out.”
Thomas Rid, a professor of political science at the Johns Hopkins School of Advanced International Studies who specializes in cyber security, said it was a classic case of espionage, done in a highly sophisticated manner and carried out secretly. FireEye described the victims as government, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia and the Middle East, with more victims expected in other countries and vertical industries. The potentially good news is that covert attackers, who tend to prioritize clandestine entry and exit while avoiding large-scale ransacking that could damage a defender’s computer systems, are often more focused on covering their tracks than on simply backing up digital content.
But the potentially bad news is that hackers can effectively gather sensitive information over months or even years with careful and precise attacks. Although details of the hack and who started it have not been made public, it dates back at least to March. That nine-month period included the worst of the COVID-19 pandemic, the historically rapid development of COVID-19 vaccines using new technologies, and the US presidential and congressional elections. As Thomas Rid notes, hackers are still doing the same things every day in major countries, including the United States, to gain geopolitical advantages.
“Securing all the hardware and software that goes into a computer network is a complex challenge,” says Neil Jenkins, a former senior cybersecurity official at the U.S. Department of Homeland Security. “You have to do a lot of risk management to put yourself in the best position. Even that may not prevent you from being hacked at the end of the day.”
A Pentagon spokesman said: “For operational security reasons, the Department of Defense will not comment on specific mitigation measures or specify systems that may be affected.” The Department of Homeland Security also said it was aware of the reports, but did not directly confirm them or mention their impact.