U.S. authorities on Thursday expressed heightened concern over a large and sophisticated hacking campaign affecting government networks.
The Department of Homeland Security’s cybersecurity unit warned that the hack “poses a serious risk to federal and state, local, tribal and territorial governments, as well as critical infrastructure entities and other private sector organizations”.
The Cybersecurity and Infrastructure Security Agency (Cisa) also warned that it would be difficult to remove malware inserted through network software. “Removing this actor from the threat of compromised environments will be very complex and difficult for organizations,” the agency said in the statement.
Thursday’s comments were the agency’s most detailed yet since hacking reports were released over the weekend. The US government confirmed on Wednesday that an operation by elite hackers, suspected of being Russian, had affected its networks and said the attack was “significant and ongoing.”
“This is a developing situation, and while we continue to work to understand the full scope of this campaign, we know that this compromise has affected networks within the federal government,” said a joint statement published by the FBI, Cisa and the Office of the Director of National Intelligence (ODNI).
“The FBI is investigating and collecting intelligence in order to assign, prosecute and disrupt those responsible for the threat,” the statement added, noting that the agencies have formed a unified cyber coordination group to coordinate the US government’s response to the threat.
White House national security adviser Robert O’Brien on Tuesday interrupted a trip to Europe to deal with the attack.
Hackers supposedly working for Russia introduced malware into software from technology company SolarWinds, compromising a network security tool used by many government agencies and large corporations.
The size of the hack, which began in March, remains unclear. SolarWinds said that up to 18,000 of its more than 300,000 customers have downloaded the compromised software.
Both the US Department of Commerce and the Department of Agriculture have publicly confirmed that they have been compromised. The cyber branch of the Department of Homeland Security was also affected, CNN reported.
The US Department of Energy and the National Nuclear Security Administration, which manages the country’s stockpile of nuclear weapons, also have evidence that hackers gained access to their networks as part of a massive cyber campaign, Politico reported Thursday, citing officials directly familiar with the matter.
Two senators on Thursday requested a briefing with the Internal Revenue Service on whether taxpayer personal information had been stolen in connection with the breach. The IRS is housed at the US Treasury Department, which has been affected by the breach.
“Given the extreme sensitivity of taxpayer personal information entrusted to the IRS, and the damage to American privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand to what extent the IRS may have been compromised,” wrote Senators Chuck Grassley of Iowa and Ron Wyden of Oregon.
Meanwhile, homeland security officials have issued an emergency directive asking all federal civilian agencies to review their systems. This order marks only the fifth such directive to be issued by the Cybersecurity and Infrastructure Security Agency since its inception in 2015. Security experts say the hacks discovered so far could be the tip of the iceberg.
“With all of the company’s infrastructure potentially suspect, it will take a long-term program to reset these systems to a reliable baseline,” said Mike Kiser, US Commercial Director of SailPoint, a security and identity management platform.
Joe Biden has said he will make cybersecurity a top priority for his administration, but stronger defenses are not enough.
“We need to disrupt and deter our adversaries from undertaking major cyber attacks in the first place,” he said. “We will achieve this, among other things, by imposing substantial costs on those responsible for these malicious attacks, including in coordination with our allies and partners.”