The U.S. Department of Homeland Security was the third federal department to be targeted by a major cyber attack, U.S. media reported on Monday, the day after Washington revealed the attack, which may have been coordinated by a foreign government.
The Washington Post cited unnamed officials who said DHS – which is tasked with protecting the country from both online and offline attacks – was added to a growing list of attack targets, including the Treasury and Commerce departments.
A DHS statement on Monday did not confirm the report, saying only that it was “aware of cyber breaches across the federal government” and that it worked closely with “our partners in the public and private sectors on the federal response.”
The Cybersecurity and Infrastructure Security Agency (CISA), which is linked to DHS, said on Sunday that it ordered federal agencies to immediately stop using SolarWinds Orion IT products following reports that hackers had used a recent update to access internal communications.
“We ask all of our partners – in the public and private sectors – to assess their exposure to this trade-off and to secure their networks,” said Brandon Wales, acting director of CISA.
SolarWinds over the weekend admitted that hackers exploited a backdoor in an update to some of its software released between March and June.
The hacks are part of a broader campaign that also hit leading cybersecurity company FireEye, which claimed its defenses were breached by sophisticated attackers who stole tools used to test customers’ computer systems.
FireEye said it suspected the attack was state-sponsored and warned it could hit numerous high-profile targets around the world.
“This campaign may have started as early as spring 2020 and is currently underway,” FireEye said in a blog post.
– Is Russia involved? –
What the hackers tried to steal, and whether they succeeded, is currently unknown.
“We believe this is a nation-state activity on a significant scale, targeting both the government and the private sector,” IT giant Microsoft, which is also investigating, said in a blog post.
While Microsoft has refrained from naming a country, several US media outlets have pointed the finger at the Russian group “APT29”, also known as “Cozy Bear”.
According to the Washington Post, the group is part of Moscow's intelligence services and hacked the servers of the State Department and the White House during the Obama administration.
The Russian embassy in the United States categorically denied the allegations in a statement on Facebook.
Both the public and private sectors need to be increasingly on guard against such attacks, warned Hank Schless, senior manager at Lookout, a California-based mobile security company.
“Rival nation-states have recognized the value of targeting both sectors, which means neither is safe from the kinds of attacks that have the government’s resources behind them,” he said.
Matt Walmsley of Vectra, which provides cyber attack detection services from its California base, agrees.
“Security teams need to drastically reduce the overall risk of a breach by gaining immediate visibility and understanding of who and what is accessing data or changing configurations, regardless of how they are doing it and from where,” he said.
(Except for the title, this story has not been edited by NDTV staff and is posted by a syndicated feed.)