U.S. Gov't Hit by Massive Cyberattack
The Russian government was likely behind a hack that wasn't discovered for months.
The Cybersecurity and Infrastructure Security Agency (CISA) has alerted the U.S. government that a months-long cyberattack compromised at least four federal agencies. The agencies known to have been compromised include the Defense Department, the Department of Homeland Security, the Commerce Department, and the Treasury. The hack is believed to have been initiated this past spring via malware code that targeted SolarWinds software, which is widely used across the federal government. The prime suspect is the Russian government because the hack has all the calling cards of APT29, a group with direct links to Russian intelligence.
This massive cyberattack is reminiscent of the Chinese hack on the Office of Personnel Management back in 2015, when the personal information of more than 20 million federal employees was compromised.
CISA, the agency responsible for monitoring and protecting U.S. government agencies against cyberattacks, explained that its primary system designed to detect such hacks, dubbed Einstein, failed to identify the breach. That was due to a myriad of factors, including the sophistication of the hack, which expertly exploited known and unknown weaknesses within the federal network using novel U.S. IP addresses that had not previously been associated with foreign actors or criminal activity.
The scope of the hack and the number of agencies compromised are still being uncovered, though it’s clear that this was a major breach with ramifications yet to be fully appreciated. The Washington Post says that the Texas-based software developer SolarWinds “reported that nearly 18,000 of its customers may have been affected worldwide.”
Why does this ultimately matter? Well, beyond national security implications, especially at the Pentagon and DHS, it goes to the issue of trustworthiness. The recently fired head of CISA, Christopher Krebs, infamously declared last month that the 2020 U.S. election “was the most secure election ever.” He was fired by President Donald Trump on November 17. Does anyone really believe him, especially now?
Update: Friday, Secretary of State Mike Pompeo confirmed the likelihood of Russia being the source of the cyberattack, stating on the Mark Levin Show: “This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”