Veterans Affairs officials withhold information about SolarWinds hack

VA Secretary Robert Wilkie testified during a hearing before a House Appropriations Subcommittee on March 27, 2019 in Washington, DC.
photo: Alex Wong (Getty Images)

Senior Veterans Affairs Department officials abruptly canceled a briefing scheduled with congressional leaders this week on the scope and impact of the SolarWinds cyberattack, a sweeping intrusion into the networks of multiple U.S. agencies and powerful corporations allegedly carried out by an elite team of Russian state-sanctioned hackers.

Democratic lawmakers say the VA has so far offered no explanation for its decision not to tell House and Senate oversight leaders whether the attack may have compromised the sensitive information of any veteran, prompting at least one U.S. senator to demand answers from the head of the agency. This week, VA officials told reporters that there are currently no indications that hackers took advantage of the backdoor on its network, which was inadvertently installed by approximately 18,000 SolarWinds customers this year.

In a letter to Veterans Affairs Secretary Robert Wilkie on Wednesday, Sen. Richard Blumenthal, a Democrat from Connecticut, said the veterans community is “particularly vulnerable” to the consequences of a breach, noting the immense amount of private data on veterans that the department holds. According to Blumenthal, it is still unclear what steps Wilkie has taken to assess the risk to retired members of the U.S. armed forces.

“I am alarmed by the potential threat to the VA and am writing to request urgent information on the impact of this incident and what steps are being taken to ensure the resilience and confidentiality of the VA mission,” Blumenthal wrote. “This hack threatens to exacerbate existing privacy issues and allow hackers to share and sell personal information of veterans.”

Veterans are considered to be at high risk of identity theft because of long-standing government practices, such as the use of Social Security numbers as the primary identifier for service members. Veterans also rely heavily on a document known as Form DD 214, which contains confidential information, to prove their service. Blumenthal points to the “necessary reliance” on the document, copies of which the VA maintains digitally, as a particular vulnerability.

Wilkie is not required to answer Blumenthal’s questions, which include what precautions have been taken, if any, to separate veterans’ health records from other systems, and whether the VA has completed a forensic investigation of its cloud resources. The Trump administration has traditionally ignored most inquiries from minority Democrats in Congress.

The VA, one of SolarWinds’ largest federal customers, could not be reached immediately for comment. A VA spokesman told CyberScoop on Wednesday that the agency uninstalled SolarWinds’ network monitoring software “with great caution” and that “there are currently no signs of exploitation.”

Removing an infected copy of the SolarWinds platform does not necessarily guarantee that the alleged Russian hackers no longer have a foothold on the network.

According to CyberScoop, other agencies have been less than forthcoming about the breach. In another letter this week, Sen. Bob Menendez, a New Jersey Democrat, said the U.S. State Department has remained “silent on whether its computer, communications and information technology systems were compromised.”

The SolarWinds attack represents one of the most blatant intrusions into U.S. government networks by a state actor since at least the Office of Personnel Management breach of 2015, in which Chinese hackers exfiltrated millions of personnel files and background checks of federal employees. The Departments of State, Commerce, Finance and Homeland Security, as well as the National Institutes of Health, are among the SolarWinds victims.

Experts say the Russian hacker group APT 29, also known as Cozy Bear, may have infiltrated Texas-based software company SolarWinds as early as 2019, inserting malicious code into copies of the Orion Platform, a network management tool used by dozens of federal agencies and more than three-quarters of the Fortune 500 companies ranked by revenue.

Experts usually associate Cozy Bear, to which the attacks on the Pentagon’s email system in 2015 and the Democratic National Committee in 2016 are attributed, with the Russian foreign intelligence service, the predecessor of the KGB.

According to experts, the malicious software deployed through the Orion platform, known as Teardrop, was highly sophisticated: in addition to collecting user credentials and monitoring keystrokes, it allowed Cozy Bear to mask its movements on infected networks, helping the intruders pass as ordinary IT employees.