Homeland Security and thousands of businesses 'hacked by Russians' after attack on US Treasury and other fed agencies

HOMELAND Security and thousands of businesses were revealed to have been hacked in what security officials believe to be an orchestrated attack by Russia.

Emails sent by department officials were monitored by hackers in a series of sophisticated breaches against the department, which oversees border security and hacking defense.

The hackers also targeted the Treasury Department and Commerce Departments, it was reported on Monday.

Other departments, like the Department of Defense and Department of State, as well as the National Institute of Health, also reported parts of their systems were hacked.

"For operational security reasons the DoD will not comment on specific mitigation measures or specify systems that may have been impacted," a Pentagon spokesperson told Reuters.

Hackers initially used SolarWinds, a technology company that said up to 18,000 of its customers had downloaded a software that allowed hackers to spy into their businesses and agencies for over nine months.

The United States issued a warning late Sunday night, demanding government users to disconnect SolarWinds after it was compromised by "malicious actors."

The warning came after it was reported that supposed Russian hackers had infiltrated SolarWinds software updates to enter multiple government agencies in the United States.

Moscow has since denied having any connection to the United States.

In a regulatory disclosure, SolarWinds said it believed the attack to have originated from an "outside nation state" that worked by inserting malware into its updates between March and June of this year.

"SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000," it said.

Although Homeland Security has not commented about the issue, other departments have confirmed there indeed was a hacking into their agencies as well.

Hackers believed to be acting on behalf of the Russian foreign intelligence service SVR breached and stole data from agencies within the Treasury Department and the US Department of Commerce, The New York Times and Washington Post reported.

The “sophisticated” hackers also had free access to their email systems, reports said.

It remains unclear if the systems contained highly classified material – and sources told the Times that the motive behind hacking the agencies was also uncertain.

The outlet reported that the attack appears to be the largest on federal systems in the past five years and officials only became aware of it in recent weeks.

The hacking revelations were deemed serious enough to prompt an emergency National Security Council meeting on Saturday, Reuters reported.

John Ullyot, the spokesman for the National Security Council, said in a statement: “The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation."

The Cybersecurity and Infrastructure Security Agency (CISA) confirmed the breach to Reuters and said it is working with partners to investigate the attack.

“We have been working closely with our agency partners regarding recently discovered activity on government networks," CISA stated.

"CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

Last month, President Donald Trump fired Christopher Krebs in a tweet when the nation’s top cybersecurity official said that the 2020 presidential election was among the most secure in the country’s history.

Krebs, who oversaw CISA, was responsible for leading the effort to protect U.S. elections.

"Highly sophisticated" hackers with a foreign state succeeded in tricking Microsoft's authentication controls to attack the Treasury Department, Disclose TV reported.

Microsoft Office 365 can be compromised due to the attack, according to the publishing online community.

The revelation comes after one of the biggest and most renowned cybersecurity firms in the world, FireEye, was recently hacked in an attack suspected to have come from Russia.

FireEye's chief executive Kevin Mandia revealed in a blog post on Tuesday that hackers in the "state- sponsored attack" accessed internal systems and sought information about clients in the government sector.

The hackers compromised FireEye’s "Red Team tools," which the company uses to test the defense mechanisms of its clients.

“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia wrote.

“The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

Russia was most likely behind the attack and the hackers were extremely skilled, a source told The Wall Street Journal.

“This was a sniper shot that got through,” the source said.

Following the attack, FireEye began working with the Federal Bureau of Investigation, Microsoft, and other companies in the cybersecurity industry on a probe into the attack.

The FBI warned in August that the Russian military intelligence agency linked with hacking Hillary Clinton’s 2016 campaign has unleashed malware to spy on US computers.

Called Drovorub, the bug allows the Russian General Staff Main Intelligence Directorate, known as GRU, to target Linux computers, allowing Russian agents to spy on infected machines, according to the Justice Department.

The GRU is considered an elite group within the Russian military – whose head reports directly to President Vladimir Putin.

The Washington Post reported that SVR, unlike the GRU, hacks "for traditional espionage purposes."

Source: Read Full Article