The United States authorities issued a warning on Thursday about the “serious” threat posed by recent cyber attacks against federal agencies – and those in other countries as well – that officials suspect were executed by Russian hackers.
The Cyber Security and Infrastructure Agency (CISA), which falls under the Department of Homeland Security (DHS), said on Thursday that these attacks “pose a serious risk to federal and state, local, tribal and territorial governments, as well as to critical infrastructure entities and other private organizations.”
These were the most detailed comments CISA has made since reports surfaced last weekend that government agencies, including the Treasury and Commerce Departments, were among those whose data and emails were penetrated by the sophisticated hacking.
The agency also warned that the malware inserted via network software will be difficult to remove.
On Wednesday evening, the CISA, the FBI and the US Director of National Intelligence announced in a joint statement that the sophisticated cyberattack is still underway as the government tries to verify the extent of the damage: “It is a situation that is evolving, and we continue to calibrate this campaign that affected the networks within the federal government.”
Some of America’s best-kept secrets may have been stolen in a disciplined, months-long operation blamed on elite Russian government hackers. The possibilities of what could have been stolen are puzzling.
Have hackers stolen nuclear secrets? COVID-19 vaccine facts? Blueprints for next-generation weapon systems?
It takes weeks, in some cases maybe years, for digital detectives investigating the federal government and private industry networks to get answers. These hackers are consummate professionals when it comes to covering their tracks, experts say. Some may never be discovered.
What seems clear is that this campaign, which cybersecurity experts say exhibits the same tactics and techniques as the Russian foreign intelligence agency SVR, will become one of the most prolific in the history of cyber espionage.
United States government agencies, including the Treasury and Commerce Departments, were among a dozen public and private sector targets known to have been infiltrated in attacks dating back to March through a commercial software update distributed to thousands of companies and government agencies around the world. A Pentagon statement released Monday indicated it had used the software. It noted that it had “issued orders and guidelines to protect its networks.” It did not specify – for “operational security reasons” – whether any of its systems had been infiltrated.
On Tuesday, the Acting Secretary of Defense, Chris Miller, told the network CBS News that there was no evidence to date that the system had been compromised.
In the months since the update, hackers have carefully extracted data, often encrypting it so as not to reveal the theft, and expertly hidden their tracks.
Thomas Rid, a cyber conflict expert at Johns Hopkins, said the possible effectiveness of the operation could be compared to the three-year “Moonlight Maze” hack Russia carried out in the 1990s against US government targets, including NASA and the Pentagon. A federal investigation determined that the height of the documents – if printed and stacked – would be three times that of the Washington Monument.
In this case, “a realistic estimate is that the documents they retrieved from different government agencies are the size of different monuments to Washington,” Rid said. “How would they use that? They may not even know.”
The Washington Post newspaper, citing unidentified sources, said the attack was carried out by hackers from the Russian government who use the nicknames APT 29 or Cozy Bear and who are part of that country’s foreign intelligence service.
The break-in came after a major cybersecurity company, FireEye, learned that its system had been compromised and warned that foreign governments and large corporations had also been compromised. The company has not found a possible suspect, although many experts believe Russia was responsible given the level of capabilities involved.
US authorities acknowledged that federal agencies were affected by the hack on Sunday, giving few details. The Cyber Security and Infrastructure Agency said in an unusual directive that the widely used SolarWinds network software has been compromised and should be removed from any system that uses it.
The national cybersecurity agencies of Great Britain and Ireland have issued similar warnings.
With AP information