The US Department of Homeland Security was the third federal department to be targeted in a major cyber attack, US media reported Monday, the day after Washington revealed the hack, which may have been coordinated by a foreign government.
The Washington Post quoted unnamed officials as saying the DHS, which is responsible for protecting the country from online and offline attacks, has been added to a growing list of targets of the attack, including the Treasury and Commerce departments.
A statement by DHS on Monday did not confirm the report, merely saying that it was “aware of cyber violations across the federal government and working closely with our partners in the public and private sectors in the federal response.”
The DHS-affiliated Cybersecurity and Infrastructure Security Agency (CISA) announced on Sunday that it had ordered federal agencies to immediately stop using SolarWinds Orion IT products, after reports that hackers recently used an update to gain access to internal communications.
“We urge all of our partners, both public and private, to assess their exposure to this compromise and secure their networks,” said Brandon Wales, acting director of CISA.
SolarWinds admitted over the weekend that hackers exploited a back door in an update to some of its software released between March and June.
The hacks are part of a broader campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers’ computer systems.
FireEye suspected that the attack was government-sponsored and warned that numerous high-profile targets around the world could be affected.
“This campaign may have started as early as Spring 2020 and is currently ongoing,” FireEye said in a blog post.
– Russia involved? –
The content the hackers attempted to steal – and how successful they were – is currently unknown.
“We believe that this is a nation-state activity on a significant scale, which is aimed at both the government and the private sector,” said the IT giant Microsoft, which is also investigating, in a blog post.
While Microsoft did not name a country, several US media outlets pointed the finger at the Russian group “APT29”, also known as “Cozy Bear”.
The group is part of Moscow’s intelligence services, according to the Washington Post, and hacked servers at the State Department and the White House during the Obama administration.
The Russian Embassy in the United States categorically denied the allegations in a statement posted on Facebook.
Both the public and private sectors are increasingly having to protect themselves from such hacks, warned Hank Schless, senior manager at Lookout, a California-based mobile security company.
“Opposing nation-states have recognized the value of targeting both sectors, which means neither is safe from the types of attacks that state resources are behind,” he said.
Matt Walmsley of Vectra, which provides cyber attack detection services from its California base, agreed.
“Security teams must dramatically reduce the overall risk of a breach by instantly recognizing and understanding who and what is accessing data or changing configurations, no matter how and from where they are doing it,” he said.
(Except for the headline, this story was not edited by NDTV staff and published from a syndicated feed.)