US cyber-attack: Hack of government agencies and companies poses ‘grave risk’

US cyber attack

US officials have warned that a sophisticated hacking campaign uncovered this week poses a “grave risk” to the government, critical infrastructure and the private sector.


The FBI is among those investigating the hacking campaign
The FBI is among those investigating the hacking campaign


The US Treasury and Commerce departments were among those attacked.


The US Cybersecurity and Infrastructure Security Agency (Cisa) said thwarting the attack would be “highly complex and challenging”.


Many suspect the Russian government is responsible. It has denied the claims.


In a statement on Thursday, Cisa said government agencies, critical infrastructure entities and private sector organisations had been targeted by what it called an “advanced persistent threat actor”, beginning in at least March 2020.


The actor behind the hacks “demonstrated patience, operational security, and complex tradecraft in these intrusions”, it said.


Cisa did not identify who was behind the attack; which agencies and organisations had been breached; or what information had been stolen or exposed.


Meanwhile, US President-elect Joe Biden said he would make cyber-security a “top priority” of his administration.


What’s the background?

Several US government agencies are reported to have been attacked in the hacking campaign, which has been described as “significant and ongoing.”


Hackers are known to have at least monitored data within US departments including state, defence, homeland security, treasury and commerce, Reuters news agency reports.


The Energy Department and National Nuclear Security Administration also have evidence that hackers accessed their networks, Politico magazine reported, citing officials familiar with the matter.


Cisa said the perpetrators managed to breach computer networks using network management software made by the Texas-based IT company SolarWinds.


Up to 18,000 SolarWinds Orion customers downloaded updates containing a back door that let hackers in.

All US federal civilian agencies were told to remove SolarWinds from their servers earlier this week as a result of the hack.


Tech giant Microsoft said it had identified more than 40 of its customers who were targeted in the cyber-attack, including government agencies, think tanks, non-governmental organisations and IT companies. About 80% of these were in the US, while others were in Canada, Mexico, Belgium, Spain, the UK, Israel and the UAE.


The company’s president Brad Smith said the attack was “remarkable for its scope, sophistication and impact”.

It “unfortunately represents a broad and successful espionage-based assault on both the confidential information of the US government and the tech tools used by firms to protect them,” he wrote in a blog post.

Cisa and the FBI have not publicly said who they believe to be behind the attacks, but private security companies and officials quoted in US media have pointed the finger at Russia.


In a statement shared on social media on Monday, the Russian embassy in the US said it “does not conduct offensive operations in the cyber domain”.


Get real time updates directly on you device, subscribe now.

Subscribe to our newsletter
You can unsubscribe at any time

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish. Accept Read More