US authorities on Thursday voiced heightened alarm over a large and sophisticated hacking campaign affecting government networks.
The cybersecurity unit of the Department of Homeland Security warned that the attack “represents a serious risk for the federal government and state, local, tribal and territorial governments, as well as critical infrastructure entities and other private sector organizations.”
The Cybersecurity and Infrastructure Security Agency (CISA) also warned that it will be difficult to remove malware inserted through network software. “Removing this threat actor from compromised environments will be very complex and challenging for organizations,” the agency said in a statement.
Thursday’s comments were the agency’s most detailed since reports of the hack emerged over the weekend. The US government confirmed on Wednesday that an operation by elite hackers, suspected of being Russian, had affected its networks and said the attack was “significant and ongoing.”
“This is a developing situation, and while we continue to work to understand the full scope of this campaign, we know that this engagement has affected networks within the federal government,” said a joint statement issued by the FBI, CISA, and the Office of the Director of National Intelligence (ODNI).
“The FBI is investigating and gathering intelligence to attribute, prosecute and disrupt the actors responsible for the threats,” the statement added, noting that the agencies have formed a Unified Cyber Coordination group to coordinate the US government’s response.
White House National Security Adviser Robert O’Brien interrupted a trip to Europe on Tuesday to deal with the attack.
Hackers believed to be working for Russia introduced malware into the software of the technology company SolarWinds, compromising a network security tool used by numerous government agencies and large corporations.
The size of the hack, which began in March, is unclear. SolarWinds said up to 18,000 of its more than 300,000 customers had downloaded the compromised software.
The United States Department of Commerce and the Department of Agriculture have publicly confirmed that they were compromised. The cyber arm of the Department of Homeland Security was also affected, CNN previously reported.
On Thursday, two senators requested a briefing with the Internal Revenue Service on whether taxpayers' personal information was stolen in the breach. The IRS is housed in the United States Department of the Treasury, which was affected by the breach.
“Given the extreme sensitivity of personal taxpayer information entrusted to the IRS, and the damage to both American privacy and our national security that could result from the theft and exploitation of this data by our adversaries, it is imperative that we understand the extent to which the IRS may have been compromised,” wrote Senators Chuck Grassley of Iowa and Ron Wyden of Oregon.
Meanwhile, national security officials have issued an emergency directive that tells all federal civilian agencies to check their systems. The order marks just the fifth such directive issued by the Cybersecurity and Infrastructure Security Agency since its inception in 2015. Experts in the security space say the hacks discovered so far may be the tip of the iceberg.
“With all of the potentially suspect corporate infrastructure, it will take a long-term program to restore these systems to a reliable baseline,” said Mike Kiser, US sales director for SailPoint, an identity and security management platform.