Cybersecurity

Federal government finds evidence hackers used multiple methods to access agency networks

The Department of Homeland Security’s (DHS) cybersecurity agency on Thursday warned of the “grave” threat posed to federal systems by a recent massive espionage attack by a nation state, saying that the hackers used multiple methods to access the systems for months.

The Cybersecurity and Infrastructure Protection Agency (CISA) put out an alert detailing the attack, widely reported to be carried out by a Russian military hacking group, on IT company SolarWinds. 

By exploiting a vulnerability in the company’s Orion software, the group was able to access federal networks. DHS, the Commerce, State and Treasury departments, and branches of the Pentagon are among the agencies reportedly breached, and the hackers have potentially had access to the networks since March.

The Washington Post reported Sunday that the group behind the attack is a Russian military group known as “Cozy Bear,” a prolific hacking group that previously targeted the State Department during the Obama administration and COVID-19 vaccine researchers earlier this year. 

“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the agency wrote in the alert. 

CISA, which put out an emergency directive earlier this week ordering all federal agencies to disconnect from SolarWinds software, warned that the hackers involved used other methods besides the SolarWinds vulnerability to access federal systems. 

“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the agency wrote.

While the agency did not attribute the attack to any country or organization, it noted that the hackers had “demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

CISA is among the agencies involved in standing up a Cyber Unified Coordination Group to respond to the incident, alongside the FBI and the Office of the Director of National Intelligence (ODNI).

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the three agencies said in a joint statement on Wednesday night. 

President-elect Joe Biden on Thursday vowed to make cybersecurity and responding to the incident a “top priority” once in office, while the Democratic leaders of the House Homeland Security and Oversight and Reform committees announced they were opening an investigation into the ongoing incident. 

“Our Committees are seeking information related to the apparent, widespread compromise of multiple federal government, critical infrastructure, and private sector information technology networks,” the chairs of the committees wrote in a letter sent to CISA, the FBI, and the ODNI on Thursday.  “While investigations and technical forensic analyses are still ongoing, based on preliminary reporting, it is evident that this latest cyber intrusion could have potentially devastating consequences for U.S. national security.”


Copyright 2023 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
