Last weekend, it was discovered that the US government was hacked, and hacked extensively. Russians are the prime suspect, but CISA isn’t saying exactly who conducted the worst cybersecurity breach in American history. And we were not alone – the hack has been ongoing for months in other countries as well. The access point for the hackers appears to be SolarWinds “Orion” software. And it may not be the only open door.
The discovery of the hack occurred last weekend with the Departments of Treasury and Commerce, as well as the Department of Energy. Then the extent widened to around 40 US agencies and private entities that were subject to the hack.
CISA (Cybersecurity and Infrastructure Security Agency): The hack is a ‘grave risk’ to ‘critical infrastructure’ – “They got into everything”
The agency previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods, as well.
Tech giant Microsoft, which has helped respond to the breach, revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates. – Fox Business
CISA ordered all US agencies to remove SolarWinds software from their computers, and to purge all compromised servers. Cybersecurity agencies in both the UK and Ireland immediately did the same. Private companies are scrambling to see how much of their data was breached and remove the problem. But removing servers and the software in them is not as easy as it sounds, and the resultant voids can create nightmares for all agencies. It’s extensive damage across the board – and expensive to repair. Especially after learning it might not be the only “vector” that is involved in the breaches.
The cybersecurity agency noted that it “expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations,” adding: “It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures that have not yet been discovered.”
CISA said that it will continue to investigate incidents that “exhibit adversary TTPs consistent with this activity, including … where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed.”…
…Furthermore, SolarWinds acknowledged in a Sunday statement that its systems were compromised by hackers, saying its Orion software update was the means by which the hackers exploited. The malign actors then distributed malware to its customers’ computers, the Texas-based firm said. – The Epoch Times
Fatal flaw in the software
A security researcher named Vinoth Kumar stated that the security problem with SolarWinds Orion software went back to 2018. The company’s 2019 update was easily accessed with the password ‘solarwinds123’; he notified SolarWinds of the issue in November of 2019, and they responded with a ‘fix.’ The current access point appears to have been in use since around March of 2020.
“SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” the company said in an SEC filing on Monday.
Although responsibility for the cyberattack has not been confirmed, Russia has emerged as a prime suspect. Russia’s embassy in Washington, D.C. and a spokesperson for Russian President Vladimir Putin have denied that the country was involved. – Newsweek
Experts have warned for decades that the US power grid was vulnerable to attack, and the Department of Energy was part of this hack. Vulnerabilities exploited in the US government and private entities were extensive and dangerous. Senators wrote a letter to FBI Director Christopher Wray and Acting Director of CISA Brandon Wales demanding to know the extent of the damage and exactly which agencies were affected, and wanting a briefing on the issue.