US officials have warned that a major hacking campaign disclosed this week poses a grave risk to the government, critical infrastructure and the private sector.

The US Treasury and commerce departments were among those attacked. The US Cybersecurity and Infrastructure Security Agency (Cisa) said preventing the attack would be highly difficult. Most officials doubt the Russian government is behind this. It has denied the claims as baseless.

In a statement on Thursday, Cisa said government agencies, critical infrastructure institutions and private sector organisations had been targeted by what it called an advanced persistent threat actor, beginning in at least March 2020. The actor behind the hacks demonstrated patience, operational security, and complex tradecraft in these intrusions, it said.

Cisa did not identify who was behind the attack, which agencies and organisations had been breached, or what information had been stolen or exposed.

Meanwhile, US President-elect Joe Biden said he would make cyber-security a top priority of his administration. We need to impede and put off our contenders from undertaking remarkable cyber-attacks in the first place, he said. We will do that by, among other things, imposing considerable costs on those responsible for such vitriolic attacks, including in coordination with our allies and partners.

What's The Background?

Several US government agencies are reported to have been attacked in the hacking campaign, which has been described as significant and ongoing.

Hackers are known to have at least monitored data within US departments including state, defence, homeland security, treasury and commerce, Reuters news agency reports. The Energy Department and National Nuclear Security Administration also have evidence that hackers gained access to their networks, Politico magazine reported, citing officials familiar with the matter.

Cisa said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds.

Up to 18,000 SolarWinds Orion customers downloaded updates carrying a back door that gave hackers a way in.

As a result of the hack, all US federal civilian agencies were told earlier this week to remove SolarWinds from their servers.

In its statement on Thursday, Cisa said it was investigating evidence of additional access vectors, other than the SolarWinds Orion platform. Cisa and the FBI have not revealed who is believed to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia.

On Monday in a statement shared on social media, the Russian embassy in the US said it does not run derogatory operations in the cyber domain.

