Growing alarm as US government investigates extent of hacking campaign


US authorities on Thursday expressed increased alarm about a large and sophisticated hacking campaign affecting government networks.

The cybersecurity unit of the Department of Homeland Security warned that the hack “poses a grave risk to the federal government and state, local, tribal and territorial governments as well as critical infrastructure entities and other private sector organizations”.

The Cybersecurity and Infrastructure Security Agency (Cisa) also warned that it will be difficult to remove the malware inserted through network software. “Removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency said in the statement.

Thursday’s comments were the most detailed yet from the agency since reports of the hack emerged over the weekend. The US government on Wednesday confirmed that an operation by elite hackers, suspected to be Russian, affected its networks and said the attack was “significant and ongoing”.

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” said a joint statement issued by the FBI, Cisa, and the Office of the Director of National Intelligence (Odni).

“The FBI is investigating and gathering intelligence in order to attribute, pursue and disrupt the responsible threat actors,” it added, noting that the agencies have formed a Cyber Unified Coordination group to coordinate the US government’s response.

White House national security adviser Robert O’Brien on Tuesday cut short a European trip to deal with the attack.

Hackers believed to be working for Russia introduced malware into the software of technology company SolarWinds, compromising a network safety tool used by numerous government agencies and large corporations.

The size of the hack, which began as early as March, remains unclear. SolarWinds said up to 18,000 of its more than 300,000 customers had downloaded the compromised software.

The US Department of Commerce and the agriculture department have both confirmed publicly they were compromised. The Department of Homeland Security’s cyber arm was also affected, CNN previously reported.

The US Energy Department and National Nuclear Security Administration, which manages the country’s nuclear weapons stockpile, also have evidence that hackers gained access to their networks as part of a massive cyber campaign, Politico reported on Thursday, citing officials directly familiar with the matter.

Two senators on Thursday requested a briefing with the Internal Revenue Service on whether personal taxpayer information has been stolen in the breach. The IRS is housed at the US treasury department, which was impacted by the breach.

“Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the harm both to Americans’ privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” senators Chuck Grassley of Iowa and Ron Wyden of Oregon wrote.

Meanwhile, homeland security officials have issued an emergency directive telling all federal civilian agencies to review their systems. The command marks only the fifth such directive to be issued by the cybersecurity and infrastructure security agency since it was created in 2015. Experts in the security space say the hacks uncovered so far may be the tip of the iceberg.

“With the entire corporate infrastructure potentially suspect, it will take a long-term program to reset these systems back to a trusted baseline,” said Mike Kiser, American sales director at SailPoint, a security and identity management platform.

Joe Biden said he would make cybersecurity a top priority of his administration, but that stronger defenses are not enough.

“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

