Veterans Affairs Officials Blow Off Briefing About the SolarWinds Hack

VA Secretary Robert Wilkie testified during a hearing before a House Credit Subcommittee on March 27, 2019, in Washington, DC.
Photo: Alex Wong (Getty Images)

Senior Department of Veterans Affairs officials abruptly canceled a scheduled briefing with congressional leaders this week on the scale and impact of the SolarWinds cyberattack, a large-scale intrusion into the networks of several American agencies and powerful corporations allegedly committed by an elite team of Russian hackers sanctioned by Moscow.

Democrats say the VA has so far offered no explanation for its decision not to inform House and Senate oversight leaders whether the attack could have compromised veterans’ sensitive information, prompting at least one U.S. senator to publicly demand answers from the head of the agency. This week, VA officials told reporters that there are currently no signs that hackers have taken advantage of the backdoor in their network, which was inadvertently installed by about 18,000 SolarWinds customers this year.

In a letter to Veterans Affairs Secretary Robert Wilkie on Wednesday, Sen. Richard Blumenthal, a Connecticut Democrat, said the veterans’ community is “particularly vulnerable” to the consequences of a breach, citing the huge amount of private veterans’ data held by the department. It remains unclear what measures, if any, Wilkie has taken to assess the risk to retired members of the US military, Blumenthal said.

“I am alarmed by the potential threat to the VA and am writing to urgently request information on the impact of this incident and what steps are being taken to ensure the resilience and confidentiality of the VA mission,” Blumenthal wrote. “This hack threatens to exacerbate existing privacy issues and allow hackers to share and sell veterans’ personal information.”

Veterans are considered to be at high risk of identity theft due to long-standing government practices, such as the use of Social Security numbers as the primary identifier for service members. Veterans also rely heavily on a document known as Form DD 214, which contains sensitive information, to provide proof of their service. Blumenthal notes the “necessary dependence” on the document – copies of which the VA maintains digitally – as a special vulnerability.

Wilkie is not required to answer Blumenthal’s questions, which include what precautions, if any, have been taken to separate veteran health records from other systems and whether the VA has completed a forensic investigation of its cloud resources. The Trump administration has traditionally ignored most of the inquiries made by minority Democrats in Congress.

The VA, one of the largest customers of SolarWinds systems, could not immediately be reached for comment. A VA spokesman told CyberScoop on Wednesday that the agency uninstalled the SolarWinds network monitoring software “out of precaution” and that “there are currently no signs of exploitation”.

Removing an infected copy of the SolarWinds platform would not necessarily guarantee that the alleged Russian hackers no longer have a foothold on the network.

Other agencies have also been less than forthcoming about the breach, according to CyberScoop. In another letter this week, Sen. Bob Menendez, a New Jersey Democrat, said the US State Department remained “silent if its computer, communications and information technology systems were compromised.”

The SolarWinds attack is one of the most brazen intrusions into US government networks by a state actor since at least the Office of Personnel Management breach of 2015, in which Chinese hackers exfiltrated millions of personnel files and background checks on federal employees. The departments of State, Commerce, Treasury and Homeland Security, as well as the National Institutes of Health, are among the victims of the SolarWinds attack.

Experts say the Russian hacking group APT 29, also known as Cozy Bear, may have infiltrated Texas-based software company SolarWinds as early as 2019, introducing malicious code into copies of the Orion platform, a network management tool used by dozens of federal agencies and more than three-quarters of the revenue-ranked Fortune 500 corporations.

Experts usually associate Cozy Bear, which has been blamed for attacks on the Pentagon’s e-mail system in 2015 and the Democratic National Committee in 2016, with the Russian Foreign Intelligence Service, a successor of the KGB.

The malware installed on the Orion platform, known as Teardrop, was extremely sophisticated, according to experts. In addition to collecting user credentials and monitoring keystrokes, it allowed Cozy Bear to disguise its movements in infected networks, helping its operators pass as IT employees.
