US intelligence agencies say Russia likely behind hacking of gov't agencies | Inquirer News

06:35 AM January 06, 2021

FILE PHOTO: The SolarWinds headquarters are seen in Austin, Texas, U.S., December 18, 2020. REUTERS/Sergio Flores/File Photo

SAN FRANCISCO — The office of the U.S. Director of National Intelligence on Tuesday said Russia was “likely” behind a string of hacks identified last month that gained access to several federal agencies.

The office, along with the FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency inside the Department of Homeland Security, said in a joint statement that the hackers’ goal appeared to be collecting intelligence, rather than any destructive acts. They said they had so far identified “fewer than 10” agencies that were hacked.

The agencies said that the actor, “likely Russian in origin, was responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.” The investigation is continuing, they said, and could turn up additional government victims.

It was the first formal statement of attribution by the Trump administration.

Elected officials briefed on the inquiry had previously said Russia was behind the hacking spree, but President Donald Trump said it could have been China.

Russian officials have denied involvement and did not immediately respond to questions Tuesday.

The penetration of departments including Defense, State, Homeland Security, Treasury, and Commerce is already considered the worst known cyber-compromise at least since electronic dossiers on most Americans with security clearances were taken from the Office of Personnel Management five years ago.

The security company FireEye, which was itself breached, discovered the new round of attacks, many of which were traced to a tainted software update from SolarWinds, which makes widely used network-management programs.

It remains unknown how the hackers got deep inside SolarWinds’ production system as long as a year ago. Once there, they were able to slip “back doors” into two digitally signed updates of the company’s flagship Orion software.

As many as 18,000 customers downloaded those updates, which sent signals back to the hackers. At a small number of high-value targets, the group then manipulated access to cloud services in order to read emails or other content and potentially installed other back doors, making clean-up after discovery a daunting task.

A few major technology companies have said they had at least downloaded the bad code from SolarWinds, and Microsoft said Dec. 31 that the penetration had gone well beyond that, allowing the intruders to view its prized source code, where they might have looked for security flaws.

The attackers also hacked sellers of Microsoft services, which often maintain access to customers, to go after email at non-SolarWinds customers, according to security company CrowdStrike and Microsoft employees.

Microsoft and federal investigators have not said how many resellers were hacked or how many customers were impacted.
