News Commerce Treasury Compromised In Large-Scale Cyber Attack
CrimsonPhantom
Post: #1
Commerce Treasury Compromised In Large-Scale Cyber Attack
Quote:WASHINGTON, Dec 13 (Reuters) - A sophisticated hacking group backed by a foreign government stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, according to people familiar with the matter. (Reporting by Christopher Bing; Editing by Daniel Wallis)

Link



Quote:WASHINGTON — A foreign entity has reportedly breached the Treasury and Commerce Department of the United States.

A Commerce Department spokesperson told NBC News, “We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time.”

Josh Lederman, a national political reporter for NBC wrote on Twitter Sunday, “The National Security Council also confirms that it is working to identify and remedy potential issues after a reported foreign government-linked hack of Treasury and a Commerce Department unit’s email systems.”




Link

Quote:WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”

This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.

Link

Quote:The latest espionage attack on the U.S. government is not limited to the Treasury and Commerce departments. Looking at the agencies who use the software that was used as a launchpad for the hacks, the breach could go right to the heart of America’s national security apparatus.

Hackers managed to hide malicious code in a software update for a tool called SolarWinds Orion. It’s typically used to make IT simpler with a single panel for administering various parts of a network. Earlier this year, hackers believed to be sponsored by the Russian government managed to inject malware into Orion updates released between March 2020 and June 2020. According to Reuters, which broke the news Sunday, that allowed the snoops a foothold in customer networks and the ability, at the very least, to spy on emails.

According to a review of public records, the range of U.S. government customers who’ve previously bought SolarWinds Orion is vast. The Pentagon is the biggest customer, with the Army and the Navy being big users. The Department of Veterans Affairs, which is heavily involved in the U.S. response to Covid-19, is another Orion fan and the biggest spender on the tool in recent years. In August, it renewed its Orion license in a $2.8 million order. The National Institutes of Health, DHS and the FBI are also amongst the many branches of the U.S. government that have previously bought the tool.

Though it’s not clear whether it uses the Orion tool, the DHS’s own Cybersecurity and Infrastructure Security Agency (CISA) is a SolarWinds customer too, buying $45,000-worth of licenses in 2019. The U.S. Cyber Command also spent over $12,000 on SolarWinds tools in the same year.

SolarWinds, a publicly-listed Austin, Texas-based company with a value of over $6 billion, has its own customer list, though it doesn’t break down which products clients use. That list includes more than 425 of the Fortune 500, all major US telecoms providers, the top five U.S. accounting firms, hundreds of global universities, the NSA and the White House.

The immediate impact will be operational. CISA has recommended government civilian agencies stop using SolarWinds Orion. “The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA acting director Brandon Wales. “We urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”

The attack will likely have a global impact, according to FireEye, which last week was the first to admit being a victim of this vast espionage campaign. The U.K.’s National Cyber Security Centre (NCSC), a branch of signals intelligence agency GCHQ, said it was monitoring the fallout. It’s also recommending that anyone running the SolarWinds system ensure that they’re installed behind firewalls and disconnected from the internet.

“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” SolarWinds said in a security advisory, in which it asked customers to update to the latest version of Orion.

Infiltrating a major software provider in so-called “supply chain attacks” has proven fruitful for hackers in the past. The infamous NotPetya attacks, in which software sold by Ukrainian accounting program provider MeDoc was “Trojanized,” crippled swathes of companies across the world with ransomware.

Russia, for its part, has denied the attacks on Facebook via its foreign ministry account. “Russia does not conduct offensive operations in the cyber domain,” it claimed.

Link

Somewhere, at the bottom of this hack is a Democrat who has sold his/her soul out for a few shekels.
12-14-2020 12:51 PM

VA49er
Post: #2
RE: Commerce Treasury Compromised In Large-Scale Cyber Attack
Russia Russia Russia!!
12-14-2020 01:15 PM

MileHighBronco
Post: #3
RE: Commerce Treasury Compromised In Large-Scale Cyber Attack
What a coincidence! Guess who else uses SolarWinds Orion Network Management Products?



Today’s craziest person in the world is anyone who can reconcile these two diametrically opposed ideas — that security firms like SolarWinds suffered serious hacks and that the election was secure — without their skull literally exploding.
(This post was last modified: 12-14-2020 08:40 PM by MileHighBronco.)
12-14-2020 07:59 PM

bullet
Post: #4
RE: Commerce Treasury Compromised In Large-Scale Cyber Attack
Or maybe it's Russian mafia trying to get inside information to invest in telecommunications companies.
12-14-2020 10:14 PM

VA49er
Post: #5
RE: Commerce Treasury Compromised In Large-Scale Cyber Attack
(12-14-2020 10:14 PM)bullet Wrote:  Or maybe it's Russian mafia trying to get inside information to invest in telecommunications companies.

Whatever it is/was, I imagine it was state-sponsored.
12-15-2020 09:55 AM

CrimsonPhantom
Post: #6
RE: Commerce Treasury Compromised In Large-Scale Cyber Attack
FBI & US Marshals & Texas Rangers Raided Corporate HQ Of Solar Winds Yesterday, Company At Center Of Massive Government Hack…



12-15-2020 01:10 PM

CrimsonPhantom
Post: #7
RE: Commerce Treasury Compromised In Large-Scale Cyber Attack
Quote:Suspected Russian hackers gained access to email accounts belonging to the Trump administration's head of the Department of Homeland Security and members of the department's cybersecurity staff whose jobs included hunting threats from foreign countries, The Associated Press has learned.

The intelligence value of the hacking of then-acting Secretary Chad Wolf and his staff is not publicly known, but the symbolism is stark. Their accounts were accessed as part of what's known as the SolarWinds intrusion and it throws into question how the U.S. government can protect individuals, companies, and institutions across the country if it can’t protect itself.

The short answer for many security experts and federal officials is that it can’t — at least not without some significant changes.

“The SolarWinds hack was a victory for our foreign adversaries, and a failure for DHS,” said Sen. Rob Portman of Ohio, the top Republican on the Senate’s Homeland Security and Governmental Affairs Committee. “We are talking about DHS’s crown jewels.”

The Biden administration has tried to keep a tight lid on the scope of the SolarWinds attack as it weighs retaliatory measures against Russia. But an inquiry by the AP found new details about the breach at DHS and other agencies, including the Energy Department, where hackers accessed top officials' private schedules.

The AP interviewed more than a dozen current and former U.S. government officials, who spoke on the condition of anonymity because of the confidential nature of the ongoing investigation into the hack.

The vulnerabilities at Homeland Security in particular intensify the worries following the SolarWinds attack and an even more widespread hack affecting Microsoft Exchange’s email program, especially because in both cases the hackers were detected not by the government but by a private company.

In December, officials discovered what they describe as a sprawling, monthslong cyberespionage effort done largely through a hack of a widely used software from Texas-based SolarWinds Inc. At least nine federal agencies were hacked, along with dozens of private-sector companies.

U.S. authorities have said the breach appeared to be the work of Russian hackers. Gen. Paul Nakasone, who leads the Pentagon’s cyber force, said last week the Biden administration is considering a “range of options” in response. Russia has denied any role in the hack.

Since then, a series of headline-grabbing hacks has further highlighted vulnerabilities in the U.S. public and private sectors. A hacker tried unsuccessfully to poison the water supply of a small town in Florida in February, and this month a new breach was announced involving untold thousands of Microsoft Exchange email servers the company says was carried out by Chinese state hackers. China has denied involvement in the Microsoft breach.

Sen. Mark Warner, a Virginia Democrat and head of the Senate Intelligence Committee, said the government's initial response to the discovery of the SolarWinds hack was disjointed.

“What struck me was how much we were in the dark for as long as we were in the dark,” Warner said at a recent cybersecurity conference.

Wolf and other top Homeland Security officials used new phones that had been wiped clean along with the popular encrypted messaging system Signal to communicate in the days after the hack, current and former officials said.

One former administration official, who confirmed the Federal Aviation Administration was among the agencies affected by the breach, said the agency was hampered in its response by outdated technology and struggled for weeks to identify how many servers it had running SolarWinds software.

The FAA initially told the AP in mid-February that it had not been affected by the SolarWinds hack, only to issue a second statement a few days later that it was continuing to investigate.

At least one other Cabinet member besides Wolf was affected. The hackers were able to obtain the private schedules of officials at the Energy Department, including then-Secretary Dan Brouillette, one former high-placed administration official said.

The new disclosures provide a fuller picture of what kind of data was taken in the SolarWinds hack. Several congressional hearings have been held on the subject, but they have been notably short on details.

Rep. Pat Fallon, R-Texas, indicated at one of the hearings that a DHS secretary's email had been hacked but did not provide additional detail. The AP was able to identify Wolf, who declined to comment other than to say he had multiple email accounts as secretary.

DHS spokeswoman Sarah Peck said “a small number of employees’ accounts were targeted in the breach” and the agency “no longer sees indicators of compromise on our networks.”

The Biden administration has pledged to issue an executive order soon to address “significant gaps in modernization and in technology of cybersecurity across the federal government.” But the list of obstacles facing the federal government is long: highly capable foreign hackers backed by governments that aren’t afraid of U.S. reprisals, outdated technology, a shortage of trained cybersecurity professionals, and a complex leadership and oversight structure.

The recently approved stimulus package includes $650 million in new money for the Cybersecurity and Infrastructure Security Agency to harden the country’s cyber defenses. Federal officials said that amount is only a down payment on much bigger planned spending to improve threat detection.

“We must raise our game,” Brandon Wales, who leads the cybersecurity agency, told a recent House committee hearing.

The agency operates a threat-detection system known as Einstein. Its failure to detect the SolarWinds breach before it was discovered by a private security company alarmed officials. Eric Goldstein, the agency's executive assistant director for cybersecurity, told Congress that Einstein’s technology was designed a decade ago and has “grown somewhat stale.”

Anthony Ferrante, a former director for cyber incident response at the U.S. National Security Council and current senior managing director at FTI Consulting, said part of the problem, both in government and in the private sector, is the lack of a skilled workforce.

The Microsoft Exchange hack, which to date has not affected any federal government agencies, was also discovered by a private firm.

One issue that's flummoxed policy makers is that foreign state hackers are increasingly using U.S.-based virtual private networks, or VPNs, to evade detection by U.S. intelligence agencies, which are legally constrained from monitoring domestic infrastructure. The hosting services of Amazon Web Services and GoDaddy were used by the SolarWinds hackers to evade detection, officials said recently.

The Biden administration is not planning to step up government surveillance of the U.S. internet in response and instead wants to focus on tighter partnerships and improved information-sharing with the private-sector companies that already have broad visibility into the domestic internet.

Responsibility for responding to breaches, preventing new ones, and providing oversight of those efforts is still unsettled, and last month leaders of the Senate Intelligence Committee criticized the Biden administration for a “disorganized response” to the SolarWinds hack.

The Biden administration tapped Anne Neuberger, the deputy national security adviser for cyber and emergency technology, to respond to the SolarWinds and Microsoft breaches. It hasn't appointed a national cyber director, a new position, frustrating some members of Congress.

“We’re trying to fight a multifront war without anybody in charge,” said Sen. Angus King, an independent from Maine.

The Biden administration says it’s reviewing how best to set up the new position. “Cybersecurity is a top priority,” said White House spokeswoman Emily Horne.

Link
03-29-2021 01:05 PM