The U.S. Department of Homeland Security was the third federal department to be targeted in a major cyber attack, the U.S. media reported Monday, a day after Washington revealed the hack could have been coordinated by a foreign government.
The Washington Post quoted anonymous officials as saying that DHS – which deals with protecting the country from attacks both online and off – has been added to a growing list of targets in the attack, including the Treasury and Commerce departments.
A statement from DHS on Monday did not confirm the report, saying only that it is “aware of cyber violations in the federal government and is working closely with our public and private sector partners on the federal response.”
The Cybersecurity and Infrastructure Agency (CISA), which is attached to DHS, said on Sunday that it ordered federal agencies to immediately stop using SolarWinds Orion IT products following reports that hackers used a recent update to gain access to internal communications. .
“We urge all our partners – in the public and private sectors – to assess their exposure to this compromise and secure their networks,” said CISA Acting Director Brandon Wales.
Over the weekend, SolarWinds acknowledged that hackers exploited a backdoor in an update to some of its software released between March and June.
The hacks are part of a larger campaign, which also hit the major cybersecurity firm FireEye, which said its own defenses were violated by sophisticated attackers who stole tools used to test customers’ computer systems.
FireEye said it suspected the attack was state-sponsored and warned it could have affected many high-profile targets around the globe.
“This campaign may have started in the spring of 2020 and is currently underway,” FireEye said in a blog post.
– Russia involved? –
The content that the hackers tried to steal – and how successful they were – is not known at this time.
“We believe this is a nationwide activity on a significant scale, targeting both the government and the private sector,” said IT giant Microsoft, which is also investigating, in a blog post.
While Microsoft refrained from naming a country, several US media outlets pointed to the Russian group “APT29”, also known as “Cozy Bear”.
According to the Washington Post, the group is part of Moscow’s intelligence services and broke servers at the State Department and the White House during the Obama administration.
Russia’s embassy in the United States has categorically denied the allegations in a statement on Facebook.
Both the public and private sectors must be increasingly guarded against such hacks, warned Hank Schless, senior manager at Lookout, a California mobile security company.
“Contradicting nation-states have recognized the value in targeting both sectors, which means that neither is sure of the types of attacks that have government resources behind them,” he said.
Matt Walmsley of Vectra, which provides cyber attack detection services at its California base, agreed.
“Security teams need to drastically reduce the overall risk of a breach by gaining instant visibility and understanding who and what accesses data or changing configurations, no matter how they do it or where,” he said.
(Except for the title, this story was not edited by NDTV staff and is published in a syndicated stream.)