U.S. Hack on Government Agencies Affects Microsoft and Many More

The alert from the Cybersecurity and Infrastructure Security Agency (CISA) also warns that removing the hackers from compromised systems won't be easy.

This story originally appeared on PCMag

UPDATE: Microsoft was also hacked, according to Reuters, citing unnamed sources. The company's own software tools were then used to attack other victims. However, Microsoft President Brad Smith is denying the report.

Original story:

The massive hack on the US government may be bigger than previously thought.

On Thursday, Politico reported the hackers broke into the US Energy Department and National Nuclear Security Administration, which maintains the country's nuclear weapons stockpile. However, it remains unclear what the culprits might have accessed.

On the same day, the cybersecurity division under the Department of Homeland Security warned the massive breach was pulled off using a variety of tactics. "CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated," the Cybersecurity and Infrastructure Security Agency said in the alert.

The additional "access vectors" refers to a report from the cybersecurity firm Volexity, which revealed evidence the same culprits hacked a think tank by exploiting a vulnerability in its Microsoft Exchange Control Panel. The attackers then bypassed the multi-factor authentication system to access a victim's email inbox.

As a result, it's possible the culprits behind the breach may have hit more victims through other vulnerable software. The other bad news deals with recovering from the attack. "CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations," the agency added.

CISA's alert goes on to describe the threat as a "grave risk" to not only the federal government, but also to state, local, and tribal governments, in addition to organizations that run the US's critical infrastructure. Investigators currently believe the breach began in March.

CISA refrained from naming specific victims. But according to The Washington Post, the suspected Russian state-sponsored hackers hit several federal agencies, including DHS and the State, Commerce, and Treasury Departments. The attackers did so by tampering with software updates from IT company SolarWinds, enabling the culprits to distribute malicious computer code to about 18,000 customers.

As the US grapples with the hack's full scope, lawmakers are concerned the breach may have also ensnared US taxpayer data since the IRS appears to have been a SolarWinds customer.

On Thursday, Senators Chuck Grassley (R-Iowa) and Ron Wyden (D-Oregon) sent a letter to the IRS's commissioner demanding a briefing on the matter. "It is imperative that we understand the extent to which the IRS may have been compromised. It is also critical that we understand what actions the IRS is taking to mitigate any potential damage," the senators wrote.

The IRS did not immediately respond to a request for comment. In the meantime, the incoming Biden administration has said it'll make "cybersecurity a top priority at every level of the government" in response to the hack.

"But a good defense isn't enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place," the statement from the Biden transition team added.

Michael has been a PCMag reporter since October 2017. He previously covered tech news in China from 2010 to 2015, before moving to San Francisco to write about cybersecurity.
