The Cyber Security and Infrastructure Protection Agency (CISA) issued an “emergency order” late Sunday, urging all federal civil agencies to reconsider their networks and immediately disconnect Solar Winds Orion software products, which are suspected to be Russian hackers in the treasury and trade sector.
Why this is important: This is the fifth time since 2015 that the Department of Homeland Security has issued such an order. One underscores the concerns of the authorities about an action warned by a cyber security expert that “is one of the most influential spy campaigns on record.” “
Large image: The news of the hack came less than a week after news broke that cybersecurity firm FireI had been hacked by national government hackers who had hacked into its network.
- The Russian hacking group APT29, also known as Kozie Bear, is believed to have links with Russia’s Foreign Intelligence Service (SVR), the Washington Post reported.
- Solar Winds, whose software is believed to have been compromised, has 300,000 customers worldwide, including “five branches of the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice and The White House,” for the AP.
What they say: “Based on our analysis, we have now identified several organizations that are showing signs of compromise before the spring of 2020, and are in the process of notifying those organizations,” Fire wrote in a blog post.
- “Our analysis indicates that these compromises are not self-propagating; each attack requires a planned and manual approach.
Note: President Trump fired Christopher Grepps, the former director of Sisa, last month after Krepps undermined him by calling the U.S. election “the most secure in American history.”