U.S. government agencies and private companies rushed on Monday to secure their information after the disclosure of a sophisticated and protracted intrusion that is suspected to have been carried out by Russian hackers.
At the moment the magnitude of the damage is not clear. But the potential threat was significant enough for the Department of Homeland Security’s cybersecurity unit to instruct all federal agencies to remove the network management software that was compromised, and thousands of companies were expected to do the same.
What drew attention to the operation was its potential reach, as well as the way in which the perpetrators managed to penetrate cyber defenses and access e-mail and internal files at the Treasury and Commerce departments, and possibly elsewhere.
The intrusion was convincing proof of the vulnerability of government networks that are supposed to be secure, even after previous hacks.
“It’s a reminder that offense is easier than defense and that we still have a lot of work to do,” said Suzanne Spaulding, a former federal cybersecurity official who is currently the chief adviser at the Center for Strategic and International Studies.
The identity of the perpetrator has not been disclosed. A U.S. government official, who spoke on condition of anonymity due to an ongoing investigation, told The Associated Press on Monday that he suspected Russian hackers.
The Washington Post, citing unidentified sources, said the attack was carried out by Russian government hackers who go by the names APT29 or Cozy Bear and are part of that nation's foreign intelligence service.
The intrusion came to light after a major cybersecurity company, FireEye, said its own systems had been broken into and warned that foreign governments and large companies had also been compromised.
The company did not name a possible suspect, although many experts believe Russia was responsible given the level of capability involved.
U.S. authorities acknowledged on Sunday that federal agencies were affected by the hack, providing few details.
The Cybersecurity and Infrastructure Security Agency (CISA) said in an unusual directive that the widely used SolarWinds network software had been compromised and should be removed from any system that used it.
The national cybersecurity agencies in Britain and Ireland will issue similar alerts.