UPDATE – Breaking News
Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks.
Brad Smith, Microsoft’s chief legal counsel, said the company had uncovered 40 customers, including government agencies, thinktanks, NGOs and IT companies, who were “targeted more precisely and compromised” after the hackers had gained initial access earlier this year.
Eighty per cent were in the US, including, it is feared, agencies responsible for the US nuclear weapons stockpile. But the remainder were spread out across other countries.
The attack appears to have started when an update to a popular IT network management tool called Orion, made by SolarWinds, was compromised, from March this year. Around 18,000 customers, many of them in the US federal government, installed the compromised update.
Of these, at least 40 were then selected by the attackers for further exploitation, including the US Treasury and Department of Commerce, where emails are thought to have been read, and the National Telecommunications and Information Administration.
The hackers’ intention appears to have been a “high end espionage operation”, according to security sources, designed to steal government and military secrets. Information is not thought to have been destroyed, although the assessment is ongoing.
It emerged overnight that the US National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, had evidence that hackers accessed its networks. The NNSA also supplies some nuclear technology to the UK.
Originally published Dec. 15th
The US Treasury, Department of Commerce, Department of Homeland Security, State Department, and the National Institutes of Health are known victims of a months-long, highly sophisticated digital spying operation by Russia whose damage remains uncertain but is presumed to be extensive.
Russian hackers are being accused of carrying out the biggest cyber-raid against the US in more than five years, targeting federal government networks in a sophisticated attack, according to American officials and sources.
The hackers, linked to Russian spy agencies, were able to monitor internal emails in what is being described as a highly sophisticated state-level attack.
Security agencies in the UK and elsewhere were also scrambling to assess the impact on their systems – while the revelation was deemed so grave it led to a national security council meeting at the White House over the weekend.
On Monday, the US national security council said it was working closely with the FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”
The US has not formally named the country it believes is responsible, but multiple sources blamed Moscow. The Washington Post specifically cited a well-known Russian hacking group – known as Cozy Bear or APT 29 – linked to the country’s FSB and SVR spy agencies.
Among the greatest U.S. intelligence failures of modern times
Over the past few years, the United States government has spent tens of billions of dollars on cyber-offensive abilities, building a giant war room at Fort Meade, Md., for United States Cyber Command, while installing defensive sensors all around the country — a system named Einstein to give it an air of genius — to deter the nation’s enemies from picking its networks clean, again.
It now is clear that the broad Russian espionage attack on the United States government and private companies, underway since spring and detected by the private sector only a few weeks ago, ranks among the greatest intelligence failures of modern times.
Einstein missed it — because the Russian hackers brilliantly designed their attack to avoid setting it off. The National Security Agency and the Department of Homeland Security were looking elsewhere, understandably focused on protecting the 2020 election.
The new American strategy of “defend forward” — essentially, putting American “beacons” into the networks of its adversaries that would warn of oncoming attacks and provide a platform for counterstrikes — provided little to no deterrence for the Russians, who have upped their game significantly since the 1990s, when they launched an attack on the Defense Department called Moonlight Maze.
Something else has not changed, either: an allergy inside the United States government to coming clean on what happened.
“Stunning,” Senator Richard Blumenthal, Democrat of Connecticut, wrote on Tuesday night. “Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared. Americans deserve to know what’s going on.”
Trump took the nation in the wrong direction on cybersecurity
President Trump took the nation in the wrong direction on cybersecurity, according to a solid majority of experts polled by Cybersecurity 202.
During four years in office, Trump failed to hold adversaries including Russia accountable for hacking U.S. targets, removed experienced cyber-defenders from their posts for petty reasons and undermined much of the good work being done on cybersecurity within federal agencies, according to 71 percent of respondents to The Network, a panel of more than 100 cybersecurity experts who participate in our ongoing informal survey.
The survey concluded before news broke about probably the most significant breach of the Trump administration — a hack linked to the Russian Foreign Intelligence Service, or SVR, that infected at least five federal agencies and probably several others, as well as foreign governments and companies across the globe.
The respondents’ comments reflect widespread concern Trump is disinterested in the damage that hack has done to national security, unwilling to take Russia to task and preoccupied instead with his own efforts to sow baseless doubts about his election loss.