
US OFFICIALS SCRAMBLE TO DEAL WITH SUSPECTED RUSSIAN HACK OF GOVERNMENT AGENCIES

Jan 13, 2021 | American Elections


Washington (CNN) US officials suspect that Russian-linked hackers were behind the recent data breach of multiple federal agencies, including the Departments of Homeland Security, Agriculture and Commerce, but are continuing to investigate the incident, multiple sources told CNN Monday.

While the exact scope and scale of the hack still remain to be seen, it is already becoming clear that this marks one of the most significant breaches of the US government in years. It also shows that Russia and other foreign actors continue to exploit US cyber vulnerabilities — an issue that will likely present a challenge for the incoming Biden administration.

Officials suspect a breach may have also occurred to the computer systems at the Treasury Department and US Postal Service, according to a senior administration official, who noted those investigations are ongoing.

Asked whether USPS system was breached, a spokesman for the Postal Service told CNN, “The U.S. Postal Service was made aware of the cyber incident at SolarWinds by the Department of Homeland Security (DHS) on Dec. 13, 2020. As with any notification of this nature, USPS is conducting a thorough review of its systems and processes to safeguard its network and ensure the integrity of its systems.”

If any defense networks were compromised, US Cyber Command “is postured for swift action,” a spokesperson said, adding that they “are in close coordination with our interagency, coalition, industry, and academic partners to assess and mitigate this issue.”

As part of its response, the government put into effect Presidential Policy Directive 41, an Obama-era plan for executing a Federal Government response to any cyber incident, whether involving government or private sector entities. For significant cyber incidents, the directive also establishes a plan for coordinating a response between the agencies and it requires the Departments of Justice and Homeland Security to assist entities affected by cyber incidents.

Russia suspected

While US officials believe that a Russia-linked entity or Russian individuals are responsible for the attacks, they have not yet finalized their designation on which actors are responsible, a senior administration official said.

A meeting scheduled for later Monday aims to determine which government agencies were compromised. So far, only the Commerce Department has said publicly that it experienced a breach but other agencies appeared to have been targeted as well.

“We have a hunch about who is behind the breaches,” another administration official said, also confirming Monday’s Emergency Cyber Response Group meeting. “But forensics like this take time to nail down, unless they were sloppy about it.”

“It’s too early to understand the depth and scale of the recent breach affecting the Commerce Department and other government agencies,” said Tony Lawrence, CEO and founder of VOR Technology and Light Rider. “The Russians have very advanced cyber programs and it’s likely there have been footholds in these systems that have gone undetected and unchallenged. In 2008, the Russians executed a cyberattack using thumb drives, commonly known as Buckshot Yankee, and it’s possible this breach is related to that previous attack.”

Linked to previous breach?

But despite the embassy’s claim that “Russia does not conduct offensive operations in the cyber domain,” Moscow has been linked to several recent breaches, including last week’s hack of FireEye, an attack that compromised the so-called “Red Team” tools it uses to protect clients, including government customers.

In two blog posts Sunday, the cybersecurity firm tied the SolarWinds vulnerability directly to its own announced breach, which a source familiar with the matter previously told CNN was likely carried out by a Russian-affiliated group known as APT29.

FireEye described a “global intrusion campaign” that takes advantage of a critical flaw in a network monitoring product sold by SolarWinds, an IT network management company. The victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East, the second blog post says, adding that they anticipate there are additional victims in other countries and verticals.

A source familiar with the attacks on both FireEye and those reported Sunday also told CNN that “it’s all related.”

“These sorts of attacks leveraging trusted relationships are extraordinarily difficult to detect and defend against in real-time,” the person said, adding that while the Commerce and Treasury Departments are the victims that have so far been identified, “there will no doubt be more.”

The US Commerce Department was the first agency to confirm it was the victim of a data breach in an attack that is believed to be linked to Russia.

“We can confirm there has been a breach in one of our bureaus,” the Commerce Department said in a statement to CNN Sunday. “We have asked CISA and the FBI to investigate, and we cannot comment further at this time.”

CISA also confirmed the data security incident, though did not immediately reveal it experienced a breach, telling CNN in a statement, “We have been working closely with our agency partners regarding recently discovered activity on government networks.”

“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the statement continued.

CISA issued a directive late Sunday that tech company SolarWinds was compromised and it posed “unacceptable risks to the security of federal networks,” said CISA acting Director Brandon Wales.

SolarWinds Orion products are used by a number of federal civilian agencies for network management and CISA is urging the agencies to review their networks for any possible signs of a data breach. This is only the fifth emergency directive issued since 2015, when CISA was created by Congress in the Cybersecurity Act.

SolarWinds said in a statement Sunday night that the breach of their system “was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”

‘Massive national security failure’

On Monday, the technology company said it believes “fewer than 18,000” customers could have been affected by the software vulnerability.

In a new financial filing, SolarWinds said that out of a total of 300,000 customers, the company “believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000.”

SolarWinds has released a software update addressing the flaw and anticipates providing a second software update by December 15 to “further address” the security gap, the company added.

Microsoft also responded to the hack in a blog post overnight, telling customers that it has updated its anti-spyware program to detect the SolarWinds vulnerability.

“We believe this is nation-state activity at significant scale, aimed at both the government and private sector… We also want to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations,” the post said.

Sen. Ron Wyden, a Democrat from Oregon who serves on the Senate Intelligence Committee, warned Monday that the damage caused by the breach may be “far more significant than currently known.”

“If reports are true and state-sponsored hackers successfully snuck malware-riddled software into scores of federal government systems, our country has suffered a massive national security failure that could have ramifications for years to come,” he said in a statement to CNN. “I’m pressing the government for more information about the full scope of this breach and the steps that agencies are taking to mitigate it. I fear that the damage is far more significant than currently known.”

“I have warned for years that the government was falling down on the basics of securing federal systems, and this breach unfortunately proves me right. To start, it’s high time to scrap the lax practice of allowing agencies to install high-risk software on government systems without subjecting it to a thorough security review,” Wyden added.
