Senate Armed Services leaders say massive hack bears ‘hallmarks of a Russian intelligence operation’


The bipartisan leaders of the Senate Armed Services Committee said they received “initial information” indicating the massive hack involving several U.S. federal agencies “has the hallmarks of a Russian intelligence operation.”

Republican Chairman Jim Inhofe of Oklahoma and Democratic ranking member Jack Reed of Rhode Island released a joint statement Thursday evening saying they had been made aware of new details related to the “significant, sophisticated, and ongoing cybersecurity intrusion against the United States.”

“There is still much we don’t know about the massive cyber hack that breached U.S. cyber defenses, including federal agencies and major private sector companies,” Inhofe and Reed said. “But we do know the cyber intrusion appears to be ongoing and has the hallmarks of a Russian intelligence operation. The U.S. government must do everything possible to counter it.”

The Cybersecurity and Infrastructure Security Agency revealed on Thursday that the massive global hacking campaign is even larger than originally reported, noting that while “the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products,” that “is not the only initial infection vector this advanced persistent threat actor leveraged.” The Homeland Security Department agency also warned that “this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”

Others on Capitol Hill similarly attributed the cyberattack to the Kremlin. Republican Sen. Mitt Romney of Utah told SiriusXM that “a cyber hack of this nature is really the modern equivalent of almost Russian bombers reportedly flying undetected over the entire country.” Rep. Michael McCaul, a Texas Republican and the ranking member on House Foreign Affairs, tweeted that “this latest cyberattack only stresses what is at stake if we do not bolster our cybersecurity infrastructure and implement real penalties that deter future attacks” and “turning a blind eye has only emboldened Putin & our adversaries, putting us at further risk.”

The Russian government has denied culpability, and neither the federal government nor any of the private partners involved have yet publicly identified who might have been behind the attack, but the FBI is looking into the Russian hacking group APT29, also known as Cozy Bear, as a potential culprit, according to the Washington Post and other outlets.

Inhofe and Reed said Thursday that “one of the immediate steps” the Trump administration could take “to improve our cyber posture” would be signing the $740 billion National Defense Authorization Act into law, which they said “provides critical tools and authorities to help defend against and disrupt malicious cyber activity and effectively hunt for threats and vulnerabilities on the federal cyber network” and “ensures a coordinated response across the whole of government.” The duo said, “The NDAA is always ‘must-pass’ legislation – but this cyber incident makes it even more urgent that the bill become law without further delay.”

President Trump has repeatedly vowed to reject the bill, which was recently sent to his desk by veto-proof majorities in both the House and Senate, in its current form.

“I will Veto the Defense Bill, which will make China very unhappy. They love it,” Trump claimed in a Thursday tweet. “Must have Section 230 termination, protect our National Monuments and allow for removal of military from far away, and very unappreciative, lands. Thank you!”

The number of federal agencies known to have been targeted by the hack continued to grow on Thursday, with Politico reporting that officials from the National Nuclear Security Administration and its parent agency, the Energy Department, had seen evidence showing their systems were breached by the foreign hackers. Reuters also reported that Microsoft had also been hacked in the SolarWinds hack.

CISA issued a governmentwide directive just before midnight on Sunday to purge all federal agency networks of potentially compromised servers after discovering that, at the very least, the Treasury and Commerce departments were victims of a monthslong cybercampaign suspected by many to be a Russian hacking effort. The Homeland Security Department, the State Department, and the National Institutes of Health are also believed to be victims.

SolarWinds acknowledged Sunday night that its systems had been compromised by hackers who infiltrated the company's Orion software updates in order to distribute malware to its customers' computers. The U.S. network-management company said roughly 18,000 of its customers were affected. Before a list was removed from the company website, it boasted its 300,000 customers included “more than 425 of the US Fortune 500,” the 10 biggest telecommunications companies in the United States, “all five branches” of the U.S. military, and a number of different government agencies — including the State Department, the National Security Agency, the Justice Department, and the Office of the President.

The FBI, CISA, and the Office of the Director of National Intelligence released a joint statement on Wednesday revealing that the “cybersecurity campaign” was “significant and ongoing.” The groups established a Cyber Unified Coordination Group to respond to the crisis and warned that “while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.”

FireEye, a cybersecurity firm that works with government agencies to expose and fight foreign cyberattacks, reported that it discovered a ”highly evasive attacker” infiltrated SolarWinds's Orion software updates. The firm announced last week it had itself also been hacked.

If Russian responsibility is established for the hacks of U.S. government agencies, it would be reminiscent of Russia’s large-scale hacking of the State Department in 2014. Actors affiliated with Russian military intelligence were also named by the U.S. as being responsible for the hacking of the Democratic National Committee’s email systems in 2016.

View original Post


Please enter your comment!
Please enter your name here