The U.S. Department of Homeland Security was the third federal department targeted in a major cyber attack, U.S. media reported Monday, a day after Washington revealed the hack, which may have been coordinated by a foreign government.
The Washington Post cited unnamed officials who said DHS – which is concerned with protecting the country from attacks online and offline – was added to a growing list of targets in the attack, including the Treasury and Commerce departments.
A DHS statement on Monday did not confirm the report, saying only that it was “aware of cyber breaches through the federal government and has worked closely with our partners in the public and private sector on the federal response.”
The Cybersecurity and Infrastructure Security Agency (CISA), part of DHS, said on Sunday that it had ordered federal agencies to immediately stop using SolarWinds Orion IT products after reports that hackers used a recent update to access internal communications.
“We urge all our partners – in the public and private sectors – to assess their exposure to this compromise and secure their networks,” said CISA Acting Director Brandon Wales.
SolarWinds over the weekend acknowledged that hackers were exploiting a backdoor in an update of some of its programs released between March and June.
The hacks are part of a larger campaign that also hit major cybersecurity firm FireEye, which said its own defenses were breached by sophisticated attackers who stole tools used to test customers’ computer systems.
FireEye said it suspects the attack is state-sponsored, and warned it could affect many high-profile targets around the world.
“This campaign may have started as early as spring 2020 and is currently ongoing,” FireEye said in a blog post.
“Russia involved?”
The content the hackers sought to steal – and how successful they were – is not known at this time.
“We believe this is a very significant national state action, aimed at both the government and the private sector,” said IT giant Microsoft, which is also investigating, in a blog post.
While Microsoft refrained from naming a country, several US media outlets pointed the finger at the Russian group “APT29”, also known as “Cozy Bear”.
According to the Washington Post, the group is part of Moscow’s secret services, and hacked servers at the State Department and the White House during the Obama administration.
The Russian embassy in the United States categorically denied the allegations in a statement on Facebook.
The public and private sectors need to be increasingly on guard against such hacks, warned Hank Schless, senior director of Lookout, a mobile security company.
“Opposing nation-states have recognized the value of targeting both sectors, which means neither of them is safe from the kinds of attacks that have government resources behind them,” he said.
Matt Walmsley of Vectra, which provides cyber attack detection services from its base in California, agreed.
“Security teams need to drastically reduce the overall risk of a breach by gaining immediate visibility and understanding of who and what accesses data or changes settings, regardless of how they do it and from where,” he said.
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)