A sophisticated cyberattack on US government agencies and private companies that came to light this week poses a “serious risk” and thwarting it will be “very complex,” the US computer security agency said Thursday.
President-elect Joe Biden has expressed “great concern” over the computer intrusion and said cybersecurity will be a “top priority” for his administration.
The US Agency for Cybersecurity and Infrastructure Security (CISA) said US government agencies, critical infrastructure entities and private sector organizations had been targeted by what it called an “advanced threat actor. persistent “.
CISA did not identify who was behind the malware attack, but private security companies have pointed to hackers linked to the Russian government.
US Secretary of State Mike Pompeo also suggested Moscow’s involvement on Monday, saying the Russian government has repeatedly attempted to violate US government networks.
The CISA said the computer intrusions started at least in March 2020 and that the actor behind them had “shown patience, operational security and a complex profession.”
“This threat represents a serious risk,” the CISA said in a statement. “CISA expects removing this threatening actor from compromised environments to be very complex and difficult for organizations.”
Biden, who is due to be sworn in as president on Jan.20, said the breach “potentially affected thousands of victims, including US businesses and federal government entities.”
“My administration will make cybersecurity a top priority at all levels of government – and we will make dealing with this breach a top priority,” he said in a statement.
“We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Biden said. “We will do this, among other things, by imposing substantial costs on those responsible for these malicious attacks.
“Our adversaries must know that as President, I will not stand idly by in the face of cyber attacks on our nation.”
– FBI investigation –
According to CISA, the attackers successfully penetrated computer networks using corporate network management software designed by Texas computer company SolarWinds.
“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still under investigation,” CISA said.
Hackers have reportedly installed malware on software used by the US Treasury Department and the Department of Commerce, allowing them to view internal email traffic.
SolarWinds said up to 18,000 customers, including government agencies and Fortune 500 companies, downloaded compromised software updates, allowing hackers to spy on email exchanges.
Once the attack was detected, the CISA ordered federal agencies to turn off the violated software.
The content that the hackers sought to steal – and their success – remains unknown.
The FBI has launched an investigation to identify those responsible for the hack and emergency talks have been held at the White House to discuss the government’s response.
US National Security Advisor Robert O’Brien cut short a trip to the Middle East and Europe this week to deal with the fallout from the breach.
(Except for the title, this story was not edited by NDTV staff and is posted from a syndicated feed.)