Hackers' broad attack sets cyber experts worldwide scrambling to defend
networks
Send a link to a friend
 [December 19, 2020] By
Jack Stubbs
(Reuters) -Suspected Russian hackers who
broke into U.S. government agencies also spied on less high-profile
organizations, including groups in Britain, a U.S. internet provider and
a county government in Arizona, according to web records and a security
source.
More details were revealed on Friday of the cyber espionage campaign
that has computer network security teams worldwide scrambling to limit
the damage as a senior official in the outgoing administration of U.S.
President Donald Trump explicitly acknowledged Russia's role in the hack
for the first time.
Secretary of State Mike Pompeo said on the Mark Levin radio show "I
think it's the case that now we can say pretty clearly that it was the
Russians that engaged in this activity."
Networking gear maker Cisco Systems Inc said a limited number of
machines in some of its labs had been found with malicious software on
them, without saying if anything had been taken. A person familiar with
the company's ongoing probe said fewer than 50 were compromised.
In Britain, a small number of organizations were compromised and not in
the public sector, a security source said.
Shares in cyber security companies FireEye Inc, Palo Alto Networks and
Crowdstrike Holdings rose on Friday as investors bet that the spate of
disclosures from Microsoft Corp and others would boost demand for
security technology.
Reuters identified Cox Communications Inc and Pima County, Arizona
government as victims of the intrusion by running a publicly available
coding script https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/?enowpopup
from researchers at Moscow-based private cybersecurity firm Kaspersky.
The hack hijacked ubiquitous network management software made by
SolarWinds Corp. Kaspersky decrypted online web records left behind by
the attackers.
The breaches of U.S. government agencies, first revealed by Reuters on
Sunday, hit the Department of Homeland Security, the Treasury
Department, State Department and Department of Energy. In some cases the
breaches involved monitoring emails but it was unclear what hackers did
while infiltrating networks, cybersecurity experts said.
Trump has not said anything publicly about the intrusion. He was being
briefed "as needed," White House spokesman Brian Morgenstern told
reporters. National security adviser Robert O'Brien was leading
interagency meetings daily, if not more often, he said.
"They're working very hard on mitigation and making sure that our
country is secure. We will not get into too many details because we're
just not going to tell our adversaries what we do to combat these
things," Morgenstern said.
[to top of second column] |
A SolarWinds sign is seen outside its headquarters in Austin, Texas,
U.S., December 18, 2020. REUTERS/Sergio Flores/File Photo
No determinations have been made on how to respond or who was responsible, a
senior U.S. official said.
SolarWinds, which disclosed its unwitting role at the center of the global hack
on Monday, has said that up to 18,000 users of its Orion software downloaded a
compromised update containing malicious code planted by the attackers. The
attack was believed to be the work of an "outside nation state," SolarWinds said
in a regulatory disclosure.
People familiar with the matter have said the hackers were believed to be
working for the Russian government. Kremlin spokesman Dmitry Peskov dismissed
the allegations.
On Friday, U.S. Representative Stephen Lynch, head of the House of
Representatives Committee on Oversight and Reform panel's national security
subcommittee, said the information provided by the Trump administration was
"very disappointing."
"This hack was so big in scope that even our cybersecurity experts don't have a
real sense yet in terms of the breadth of the intrusion itself," adding that it
would take some time to fully vet all the agencies and targets.
The breach appeared to provide President-elect Joe Biden with an immediate
headache when he takes office on Jan. 20. His transition team's executive
director Yohannes Abraham told reporters on Friday there would be "substantial
costs" and the incoming administration "will reserve the right to respond at a
time and in a manner of our choosing, often in close coordination with our
allies and partners."
Microsoft, one of the thousands of companies to receive the malicious update,
said it had notified more than 40 customers whose networks were further
infiltrated by the hackers.
Around 30 of those customers were in the United States, Microsoft said, with the
remaining victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and
the United Arab Emirates. Most worked with information technology companies,
some think tanks and government organizations.
(Reporting by Jack Stubbs, Ryan McNeill, Raphael Satter, Mark Hosenball,
Christopher Bing, Joseph Menn; additional reporting by Trevor Hunnicutt and
Steve Holland; Writing by Grant McCool; Editing by Chris Sanders, Richard Chang
and Daniel Wallis)
[© 2020 Thomson Reuters. All rights
reserved.] Copyright 2020 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
Thompson Reuters is solely responsible for this content. |
