Earlier in the week, a cyberattack targeted hundreds of US companies and federal government entities. Several US media reports immediately alleged that the hacking group behind the attack was backed by a foreign government, with some directly accusing Russia of being connected with the hacks.
US President-elect Joe Biden, in a statement on Thursday, vowed to take action against those behind recent cyberattacks against US entities, outlining that he would to make cybersecurity “a top priority” after he takes office.
The president-elect added that, although not everything about the attack is clear, “what we do know is a matter of grave concern”.
What Is Known?
The massive hacking attack was reported last week and was said to have targeted multiple government and business entities in the United States.
Cybersecurity company FireEye said the attack was conducted through the widely-used Orion network monitoring product developed and marketed by US company SolarWinds, and performed by a “sophisticated” hacking group allegedly “backed by the foreign government”.
On Tuesday, the US Homeland Security Department acknowledged cyber breaches across the federal government and said that it was “working closely with our partners in the public and private sector on the federal response”.
The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday asserted that the hacking attack put all levels of the US government in “grave” peril, and reports continue to emerge saying that pathways to affect multiple US entities were found.
Two US House committees, the Homeland Security Committee and the Oversight and Reform Committee, stated on Thursday that they had launched an investigation into the cyberattack.
What Do the Reports Say?
The New York Times said, referring to a warning issued by the Department of Homeland Security, that the hackers used different types of malware and various techniques.
The report noted, however, that investigators do not have a comprehensive list of what software in government agencies has been corrupted.
According to reports, hackers successfully breached the US Treasury Department and the National Telecommunications and Information Administration. Several federal government entities were reportedly affected, including the Pentagon, the Commerce Department, the Department of Homeland Security, the Department of the Treasury and the National Institutes of Health.
Politico said in a Thursday report, citing sources familiar with the matter, that the Energy Department and National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, had obtained evidence that hackers had accessed their networks as part of an “extensive espionage operation”.
According to the report, suspicious activites were detected in networks at the Federal Energy Regulatory Commission (FERC), as well as at the Sandia and the Los Alamos national laboratories, and several offices of the Energy Department.
The US Energy Department stated later on Thursday, however, that the hack was isolated to business networks only and never impacted the national security functions of the nation’s nuclear network.
Reuters reported on the same day that Microsoft was also hacked, as part of the cyber breach, and, according to sources familiar with the matter, “had its own products leveraged to further the attacks on others”.
However, the company’s president, Brad Smith, told The NYT times that Microsoft “had no indications of that”, refuting the report.
Russian Hackers Again
Shortly after the attack, the Washington Post alleged without proof that the infamous ‘Cozy Bear’ hacking group, which is claimed to be connected with the Russian government and intelligence, was behind the attack.
The NYT also claimed that the hack was only a “part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies”. The outlet also said that the so-called ‘espionage attack’ has been ongoing since spring.
The well-worn allegations were met in Moscow with scepticism, as the Embassy of Russia in the US denounced them as “unfounded” and once again reiterated that Russia “does not conduct offensive operations in the cyber domain”.
Anti-Russia sentiment, particularly regarding cybersecurity, has a long history in the United States, and hardly has there been a single hacking attack in America that has not been blamed on ubiquitous and hidden “Russian hackers”.
During the 2016 presidential election in the US, an incident with the hacking of Democratic National Committee emails was also blamed on Russian hackers; at that time, the ‘Fancy Bear’ group, Cozy Bear’s co-villain from the mysterious GRU special unit.
Hysteria regarding the Russian hackers has continued, although the Kremlin has repeatedly dismissed the accusations of attempting to hack US entities or meddle in American politics.