A senior official in the administration said an emergency cyber response committee meeting is scheduled for Monday afternoon to discuss the U.S. government breaches. U.S. officials believe the attacks were carried out by a Russian-linked company or Russian individuals, but have not yet finalized which actors were responsible.
“We have an opinion on who is behind the violations,” said another executive, who also confirmed an emergency cyber response team meeting on Monday. “But forensic drugs like this will take time to get down, if they are not slow about it.”
Initial reports from technology company SolarWinds say its systems were compromised by hackers in an operation it described as sophisticated and “highly targeted”, meaning that it may take some time for the crime to be properly reported.
But in the meantime, top US officials, including Secretary of State Mike Pompeo, have not backed down from pointing out that Russia is involved.
When asked about the hack on Monday, Pompeo cited a series of Russian attempts to bypass servers owned by US government agencies and businesses, but did not provide further details.
“I can only say that this is a continuing attempt by the Russians to get not only government servers but also businesses into US servers,” Pompeo said in an interview with Primaport News Radio.
The Russian embassy in Washington, on the other hand, has forcefully denied any involvement in the hack, which was first reported by Reuters on Sunday, saying in a statement: “We have focused on another unsubstantiated attempt by the US media to accuse the hacker of Russia. Attacks on US government agencies.”
Linked to a previous breach?
But despite the embassy’s statement that “Russia has not carried out offensive operations in the cyber space,” Moscow has been linked to a number of recent breaches, including the hack of FireEye last week, in which attackers compromised “Red Team” tools used to protect customers, including government customers.
FireEye described a “global intrusion campaign” that exploits a critical flaw in the network monitoring product sold by IT network management company SolarWinds. The victims included government, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia and the Middle East, and a second blog post says the company expects more victims in other countries and verticals.
A source familiar with both the FireEye hack and the attacks reported on Sunday told CNN that “this is all relevant.”
“These kinds of attacks that enhance trusting relationships are extraordinarily difficult to detect and protect in real time,” the person said, adding that while the Commerce and Treasury departments have so far been identified, “there is no doubt more.”
The U.S. Department of Commerce on Sunday confirmed that it was the victim of a data breach believed to have links to Russia.
“We can confirm that a breach has occurred at one of our consoles,” the Commerce Department told CNN. “We have asked the CISA and the FBI to investigate. We cannot comment further at this time.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) also confirmed the data security incident, saying in a statement to CNN that “we are working closely with our corporate partners on the recently discovered activity in government networks.”
“CISA provides technical assistance to affected companies to find any compromises and mitigate them,” the statement continued.
CISA issued an order late on Sunday saying that technology company SolarWinds had been compromised and that the compromise “poses unacceptable risks to the security of federal networks.”
SolarWinds Orion products are used by many federal civilian agencies for network management, and CISA urges agencies to review their networks for possible signs of a data breach. This is only the fifth emergency order since 2015, when CISA was created by Congress in the Cyber Security Act.
SolarWinds said in a statement on Sunday night that the breach of its systems “could have been carried out by a foreign national government and could have been a short, highly targeted and manually executed attack, as opposed to a broader, computer-wide attack.”
‘Massive national security failure’
On Monday, the technology company said it believed “less than 18,000” customers may have been affected by the software vulnerability.
In a new filing, SolarWinds said that, “out of a total of 300,000 customers,” it believes the number of actual customers who may have installed the Orion products will be less than 18,000.
SolarWinds has released a software update that addresses the flaw, and the company expects to offer a second software update by December 15 to “further fix” the security gap.
Microsoft responded to the hack in a blog post overnight, telling customers that it had updated its anti-spyware program to detect the SolarWinds vulnerability.
“We believe this is a significant nation-state activity targeting both the public and private sectors … We would like to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations,” the company said.
Sen. Ron Wyden, an Oregon Democrat who serves on the Senate Intelligence Committee, warned Monday that the damage caused by the breach was “far more significant than is currently known”.
“If the reports are true, if state-funded hackers have successfully snatched malware-complex software into several federal agencies, our country has suffered a massive national security failure, which could lead to years of change,” he told CNN. “I urge the government to provide more information on the full purpose of this violation and the steps agencies will take to mitigate it. I fear the damage is far greater than is currently known.”
“I have warned for years that the government is falling short in terms of protecting federal systems, and this violation unfortunately proves me right. To begin with, it’s too late to eliminate the lax practice of allowing agencies to install high-risk software in government. Organizations without a full security review,” he added.