A sophisticated cyberattack on US government agencies and private companies revealed a "grave risk" and thwarting it will be "highly complex," the US Cybersecurity and Infrastructure Security Agency said.
Federal authorities have expressed increased alarm about an intrusion into US and other computer systems around the globe that officials suspect was carried out by Russian hackers.
The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet that the intrusion had compromised federal agencies as well as “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo.
The agency warned of a “grave” risk to government and private networks.
CISA did not say which agencies or infrastructure had been breached or what information taken in an attack that it previously said appeared to have begun in March.
“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the agency said in its unusual alert. “CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.”
The hack, if authorities can indeed prove it was carried out by a nation such as Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.
🚨 ACTIVITY ALERT 🚨— US-CERT (@USCERT_gov) December 17, 2020
Review @CISAgov’s new Alert on the #APT campaign against federal agencies & critical infrastructure, providing updated affected product versions, IOCs, ATT&CK® techniques, and mitigation steps. https://t.co/ZgzAbUNKjL #Cyber #Cybersecurity #Infosec pic.twitter.com/QnntuVhUXb
Read our statement, jointly released with @FBI and @ODNIgov, on the significant, ongoing cybersecurity campaign that has affected networks within the federal government: https://t.co/zu5nl1S4o3.#Cyber #InfoSec #Cybersecurity #InfoSecurity #NetworkSecurity #InformationSecurity— Cybersecurity and Infrastructure Security Agency (@CISAgov) December 17, 2020
Differing Trump, Biden positions
Trump, whose administration has been criticised for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.
President-elect Joe Biden said he would make cybersecurity a top priority of his administration, but that stronger defences are not enough.
“We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
The cybersecurity agency previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods, as well.
Over the weekend, amid reports that the Treasury and Commerce departments were breached, CISA directed all civilian agencies of the federal government to remove SolarWinds from their servers.
The cybersecurity agencies of Britain and Ireland issued similar alerts.
Business networks targetted
The US Energy Department said that it was responding to a cyber-breach related to the SolarWinds hack that was isolated to business networks.
"At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration," said spokeswoman Shaylyn Hynes in a release.
The US tech giant Microsoft was hacked with the help of SolarWinds software.
The company said it detected a malicious version of software from SolarWinds inside the company but that its investigation so far showed no evidence hackers had used Microsoft systems to attack customers.
FBI opens investigation
A US official previously told The Associated Press that Russia-based hackers were suspected, but neither CISA nor the FBI has publicly said who is believed be responsible. Asked whether Russia was behind the attack, the official said: “We believe so. We haven’t said that publicly yet because it isn’t 100 percent confirmed.”
Another US official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, said the hack was severe and extremely damaging although the administration was not yet ready to publicly blame anyone for it.
“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
The FBI has opened an investigation to identify those responsible for the hack and emergency discussions have been held at the White House to discuss the government's response.
US National Security Advisor Robert O'Brien cut short a trip to the Middle East and Europe this week to deal with the fallout from the breach.