'One of the biggest attacks': Russian hackers hacked US government offices - ForumDaily
The article has been automatically translated into English by Google Translate from Russian and has not been edited.

'One of the largest attacks': Russian hackers hacked US government offices

One of the most sophisticated and arguably the largest attacks in more than five years has compromised e-mail systems at the US Departments of the Treasury and Commerce. Other breaches are being investigated, writes The New York Times.


On Sunday, December 13, the Trump administration acknowledged that hackers acting on behalf of a foreign government - almost certainly Russian intelligence agencies, according to federal and private experts - had breached a number of key government networks, including in the Treasury and Commerce departments, and gained access to their email systems.

Officials said an investigation was underway to determine if other parts of the government were affected. Some reported that agencies linked to national security were also targeted, although it was unclear if the systems contained highly classified material.

“The United States Government is aware of these reports and we are taking all necessary steps to identify and address any potential issues related to this situation,” said National Security Council spokesman John Ullyot.

The Department of Homeland Security's cybersecurity agency, whose chief was fired by Trump last month for stating that there had been no large-scale election fraud, said it had also been called in to the investigation.


The Commerce Department acknowledged that one of its agencies had been affected, without naming it. It turned out to be the National Telecommunications and Information Administration, which helps define policy on Internet-related issues, including setting standards and blocking the import and export of technology that is considered a threat to national security.

Late on the evening of December 13, the Department of Homeland Security ordered all agencies to cease all use of SolarWinds' sophisticated network management software installed on government and US corporate networks. The order was so urgent that it gave a deadline of 14 December for a "completion report" confirming that the software was no longer in use.

But it was clearly too late to defend against intrusions that had lasted for months. The malicious code was introduced when hackers compromised the software's automatic updates. SolarWinds traced these intrusions back to the spring. This means that the hackers had free rein for most of the year, although it is unclear how many systems were compromised.

The motive for the attack remains unclear, said two people familiar with the matter. One government official said it was too early to tell how devastating the attacks were and how much material was lost.

The news of the hack, previously reported by Reuters, came less than a week after the National Security Agency, which is responsible for hacking foreign computer networks and protecting the most sensitive US national security systems, issued a warning that “Russian state-sponsored actors” were taking advantage of flaws in a system widely used in the federal government.

At the time, the agency did not say what triggered the urgent warning. Shortly thereafter, computer security firm FireEye, which first raised the alarm about the Russian campaign after its own systems were hacked, announced that hackers had stolen some of its valuable tools for finding vulnerabilities in its clients' systems, including those of the federal government. ... This investigation also pointed to the SVR (Foreign Intelligence Service), one of the leading intelligence agencies in Russia. Often referred to as Cozy Bear or APT 29, it is known as a traditional intelligence collector.

FireEye's clients, including the Department of Homeland Security and intelligence agencies, hire the firm to conduct creative but secure hacks of their systems, using the company's extensive database of techniques it has used around the world. Its “red team” tools—essentially simulating a real hacker—are used to test security systems. So the hackers who stole FireEye's tools have added to their arsenal. But it looks like FireEye wasn't their only victim.

Researchers believe the global campaign involved hackers inserting their code into periodic updates to SolarWinds' network management software. Its products are widely used across corporate and federal networks, and the malware was carefully minimized to avoid detection.

The Austin, Texas-based company says it has over 300 clients, including most of the country's Fortune 500 companies. But it is unclear how many of them are using the Orion platform, which the Russian hackers compromised, and whether all of them were targeted.

If the Russian connection is confirmed, it would be the most sophisticated known case of Moscow stealing U.S. government data since a two-year period in 2014 and 2015 in which Russian intelligence agencies gained access to unclassified email systems at the White House, State Department and Joint Chiefs of Staff. It took years to undo the damage, but President Barack Obama at the time decided not to name the Russians as culprits—a move that many in his administration now consider a mistake.

Encouraged, the same group of hackers continued their incursions into the systems of the Democratic National Committee and the top officials of the Hillary Clinton campaign, sparking the investigations and concerns that permeated the campaigns of both 2016 and 2020. Another, more destructive Russian intelligence agency, the GRU (General Intelligence Agency), is believed to be responsible for the subsequent exposure of the hacked emails.

Russia was one of several countries that also hacked American research institutions and pharmaceutical companies. This summer, the Symantec Corporation warned that a Russian ransomware group was taking advantage of the sudden change in American work habits due to the pandemic and injecting code into corporate networks at unprecedented speed and scale.


The Russian Embassy in Washington denies Moscow's involvement in any hacker attacks against the US government. The embassy said in a statement that Russia "does not conduct offensive operations in cyberspace."

Most hacks involve stealing usernames and passwords, but this one was much more sophisticated. After they got into SolarWinds' network management software, the Russians were able to insert fake "tokens," essentially electronic indicators that give Microsoft, Google, or other vendors confidence in the identity of the computer system that uses their mail systems, according to researchers. Using the vulnerability, the hackers were able to trick the system and gain access unnoticed.

It is unclear what exactly they got. The situation is reminiscent of the Chinese hack of the US government's personnel agency that continued for a year in 2014 and 2015, ultimately resulting in the loss of over 22 million security clearance files and over five million fingerprints. It turned out that this was part of a much broader data-gathering effort by Beijing that involved thefts from Marriott's Starwood Hotels division, Anthem's insurance database, and the credit reporting agency Equifax.

More than two decades ago, a Russian theft of sensitive data from the US government led to the creation of US Cyber Command. Back in the mid-1990s, the FBI was called in to investigate intrusions into networks, including those of the Los Alamos and Sandia National Laboratories, which, among other things, develop nuclear weapons.

According to some experts, the Russian operation, which soon became known as "Moonlight Maze", never ended.

“The activities described by this title—Russian cyber operations against a wide range of U.S. targets—continue to this day,” wrote Ben Buchanan, now at Georgetown University, and Michael Sulmeyer, now a senior adviser at U.S. Cyber Command.
