Friday, December 18, 2020
On 18 December 2020, the United States Department of Energy confirmed a major software breach, following similar attacks on multiple federal agencies, in what is a sophisticated and coordinated breach and the worst cyberattack on the American government ever. In a report issued by the Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA), the attack, dubbed “Sunburst”, was said to be “highly complex and challenging”; the report further noted that “critical infrastructure” has been compromised.
The report, while not specifying what information had been compromised, nonetheless stated that the situation posed a “great risk” and went on to say those responsible have “demonstrated patience, operational security, and complex tradecraft” but “the malware has been isolated to business networks only”. The report continued, “CISA has determined that this threat poses a grave risk to the federal government” as well as “private sector organizations.”
Department of Energy spokesperson Shaylyn Hynes told USA Today “It has not impacted the…essential national security functions of the Department, including the National Nuclear Security Administration. When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected.”
The attacks have penetrated federal computer systems through software from IT company SolarWinds. Kevin Mandia, CEO of cybersecurity firm FireEye, has called the method by which the malware was placed “a novel combination of techniques not witnessed by us or our partners in the past.”
Outgoing President Donald Trump did not comment, but the Federal Bureau of Intelligence (FBI), in a joint statement with CISA and Director of National Intelligence John Ratcliffe, called the attack “a developing situation…While we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.”
President-elect Joe Biden said in a statement cyber-security will be a “top priority” of his administration, and that “We [the United States] need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place…We will do that by, among other things, imposing substantial costs on those responsible”, while calling today’s attacks “a massive cybersecurity breach affecting potentially thousands of victims.”
Former Homeland Security Advisor to President Trump and Homeland Security Advisor to President Bush Thomas Bossert wrote in an op-ed in the New York Times, “The Russians have had access to a considerable number of important and sensitive networks for six to nine months” and that the hackers “will have long ago moved past their entry point, covered their tracks and gained what experts call ‘persistent access,’ meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.”
These claims have been echoed by the Washington Post, which placed blame on Russian hacking firm Cozy Bear/APT 29, noting that the firm had hacked the State Department and email servers of the White House under the Obama Administration, and noting its close ties to the spy agencies of Moscow.
Despite this, the Russian Embassy in Washington, D.C. said in a statement on Facebook, “Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations.”
Government Accountability Director on Information Technology and Cybersecurity Vijah D’Souza criticised federal agencies for their lackluster “logging” capabilities, and said “Agencies are going to have to continue to do more to build all the pieces of the puzzle.”
According to Reuters, the extraordinary intrusion has included matters of state, defence, homeland security, and commerce, as up to 18,000 SolarWinds Orion customers downloaded software updates containing hacker-installed malicious software as early as March 2020. Tech giant Microsoft said it had identified 40+ of its customers targeted in the cyber-attack: predominantly located in the United States, but also in Belgium, Canada, Israel, Mexico, Spain, the United Arab Emirates, and the United Kingdom, and ranging from government organizations to think-tanks.
In a blog post, Microsoft president Brad Smith wrote, “It’s a certainty that the number and location of victims will keep growing” and called the attacks “remarkable for its scope, sophistication and impact.”