The known list of targets hit by hackers is now five.
Hackread.com earlier reported on a massive espionage campaign launched by Russian government-sponsored hackers to spy on several high-profile US government institutions. As reported by the Washington Post, the New York Times, and Reuters Sunday, the attackers targeted the US Treasury and Commerce Department, National Telecommunications and Information Administration (NTIA), and some parts of the US Defense Department.
As per the latest reports, the list of victims of this spying campaign is longer than expected. Reportedly, part of the victims’ list is the US Department of Homeland Security, the National Institutes of Health, and the State Department.
Further investigation has revealed a highly sophisticated cyberespionage operation that could have been going on at least for nine months. It is alleged that Russia is behind this extensive campaign, the extent of damages of which are still unclear.
However, according to authorities, hackers exploited SolarWinds, a software company known for developing network-management software to spy on their targets. The company states that around 18,000 SolarWinds customers downloaded an infected software update through which the hackers could stay unnoticed while spying on agencies and businesses.
On Sunday, the US issued an emergency warning and ordered users to disconnect the compromised SolarWinds software immediately.
Interestingly, just like in the past when the Russian government categorically denied any involvement in cyberattacks on US institutions, this time around, too, Moscow denied any connections with the attackers.
The Cybersecurity and Infrastructure Security Agency (CISA) at DHS issued a rather unusual appeal on Monday. The department is asking people to share any knowledge of the breach with CISA at firstname.lastname@example.org.
The DHS spokesperson Alexei Woltornist stated that the department is already aware of the incident and is currently investigating it.
JUST RELEASED: Emergency Directive 21-01 calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately. Read more: https://t.co/VFZ81W2Ow7
— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 14, 2020
It is reported that the attackers were able to access their victims’ systems via a supply chain attack or compromised the network-management tools provider SolarWinds’ software patches. In a blog post, cybersecurity firm FireEye also confirmed that SolarWinds was indeed targeted by hackers.
The DHS noted that its cybersecurity division’s network, which the department uses to protect infrastructure, hasn’t been breached. Although not directly confirmed the attack or revealed the extent of damage, the DHS has claimed that it was aware of the attack reports.
The list of victims of this cyberespionage campaign is expected to get longer and may include more federal agencies and private organizations. However, it is concerning that an institution responsible for the physical and digital security of an entire country was so easily victimized, making the federal cybersecurity efforts questionable.