Newsdeck

Newsdeck

Suspected Russian hacking spree extended beyond SolarWinds users

(Photo: Andrey Rudakov / Bloomberg)

SAN FRANCISCO, Dec 17 (Reuters) - The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised.

By Joseph Menn

The Department of Homeland Security said in a bulletin on Thursday that the spies had used other techniques besides corrupting updates of network management software by SolarWinds , which is used by hundreds of thousands of companies and government agencies.

“The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,” said DHS’s Cybersecurity and Infrastructure Security Agency, referring to “advanced persistent threat” adversaries.

CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the software, while also pointing out that the hackers did not exploit every network they did gain access too.

CISA said it was continuing to investigate the other avenues used by the attackers. So far, the hackers are known to have at least monitored email or other data within the U.S. departments of Defense, State, Treasury, Homeland Security and Commerce.

As many as 18,000 Orion customers downloaded the updates that contained a back door. Since the campaign was discovered, software companies have cut off communication from those back doors to the computers maintained by the hackers.

But the attackers might have installed additional ways of maintaining access in what some have called the biggest hack in a decade.

For that reason, officials said that security teams should communicate through special channels to ensure that their own detection and remediation efforts are not being monitored.

The Department of Justice, FBI and Defense Department, among others, have moved routine communication onto classified networks that are believed not to have been breached, according to a person briefed on the measures.

CISA and private companies including FireEye, which was the first to discover and reveal it had been hacked, have released a series of clues for organizations to look for to see if they have been hit.

But the attackers are very careful and have deleted logs, or electronic footprints or which files they have accessed. That makes it hard to know what has been taken.

In most networks, they would also have been able to create false data, but so far it appears they were interested only in obtaining real data, people tracking the probes said.

Meanwhile, members of Congress are demanding more information about what may have been taken and how, along with who was behind it. The House Homeland Security Committee and Oversight Committee announced an investigation Thursday, while senators pressed to learn whether individual tax information was obtained.

In a statement, President-elect Joe Biden said he would “elevate cybersecurity as an imperative across the government” and “disrupt and deter our adversaries” from undertaking such major hacks.

(Reporting by Joseph Menn; Editing by Lisa Shumaker)

Gallery

Comments - Please in order to comment.

  • Lesley Young says:

    So much for the ‘advancements’ enabled by computerisation! Nothing can go wrong…go qwrong…go wrong….go wrong……I have a brilliant idea. Let’s move to pen and paper, locked filing cabinets, fax machines etc and forget about all this IT. Its difficult to hack a shorthand note.

  • Kanu Sukha says:

    The recent discloser that Israeli spyware was used to spy on certain journalists, should leave no one in doubt that that regime is nothing more than a ‘front’ of the US … to continue what it has been doing for decades. Now it finds it easy to blame and resort to blaming ‘others’ for doing the same ! Imagine the audacity of using ‘remote’ controlled devices to assassinate leaders of and in another country ! What hypocrisy !

Please peer review 3 community comments before your comment can be posted

We would like our readers to start paying for Daily Maverick...

…but we are not going to force you to. Over 10 million users come to us each month for the news. We have not put it behind a paywall because the truth should not be a luxury.

Instead we ask our readers who can afford to contribute, even a small amount each month, to do so.

If you appreciate it and want to see us keep going then please consider contributing whatever you can.

Support Daily Maverick→
Payment options

Daily Maverick Elections Toolbox

Download the Daily Maverick Elections Toolbox.

+ Your election day questions answered
+ What's different this election
+ Test yourself! Take the quiz