It was called one of the most serious cyber penetrations of U.S. government agencies ever attempted, and it apparently managed to outmaneuver sophisticated defenses that were on the lookout for attacks during the fall election.
The scope of a hack, linked to Russian intelligence services, of the U.S. State Department, the Department of Homeland Security (DHS), and thousands of other government and private agencies has left many officials scrambling to figure out how it happened, according to media reports.
Investigators were trying to determine the extent to which the American military, intelligence community and nuclear laboratories were affected by the sophisticated attack.
It’s still not clear what damage, if any, resulted from the break-in.
Most embarrassing of all, the attack was not detected by the U.S. government, but by a private cybersecurity firm called FireEye, reported The New York Times.
“It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies,” the New York Times said.
According to intelligence sources, the Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service, known by its acronym SVR. In some cases they breached email systems, people familiar with the intrusions said, speaking on the condition of anonymity because of the sensitivity of the matter, The Washington Post reported.
The same Russian group hacked the State Department and the White House email servers during the Obama administration.
The 2020 breach occurred after about 18,000 private and government users downloaded a tainted software update that gave its hackers a pathway into victims’ systems, according to SolarWinds, the company whose software was compromised.
The Russian Embassy in Washington on Sunday called the reports of Russian hacking “baseless.” In a statement on Facebook it said, “attacks in the information space contradict” Russian foreign policy and national interests.
“Russia does not conduct offensive operations” in the cyber domain, the statement said.
As early as March of this year, customers of SolarWinds Inc., a U.S. network-management company, “began unwittingly installing malicious software as part of a routine and seemingly benign update issued for a software product known as Orion, according to the company,” reported The Wall Street Journal.
That update, which would have been especially difficult to identify as a threat, contained what investigators called a back door that could have granted easy access to the thousands of entities that downloaded it.
National security agencies and defense contractors were also among those breached, according to a person familiar with the continuing investigation, The Wall Street Journal reported.
“The person and others briefed on the matter said the breach could amount to one of the most significant national security failures in years,” according to the Wall Street Journal.
The attack on SolarWinds appeared to grant hackers potential access to an extensive list of the most coveted computer systems that would be of interest to a foreign adversary, media reports said.
The company holds contracts with all five branches of the military and several national security agencies as well as major defense contractors like Lockheed Martin and more than 400 of the Fortune 500 companies.
Ironically, defenses set up to protect U.S. electoral systems against foreign attack were hailed for assuring the safety of the November elections.
Chris Krebs, the official in charge of cybersecurity at DHS, said that, as a result of the measures his team put in place, the 2020 vote was “the most secure election in American history.”
Krebs was summarily dismissed from his post as director of the Cybersecurity and Infrastructure Security Agency by President Donald Trump, who was reportedly angered that Krebs disputed his claims of widespread election fraud.
Nancy Bilyeau is deputy editor of The Crime Report, and writes on cyber issues.