Thread: SolarWinds Hack

  1. #1
    Join Date
    Sep 2001
    Location
    Wateree, South Carolina
    Posts
    48,808

    SolarWinds Hack

    WASHINGTON — The scope of a hack engineered by one of Russia’s premier intelligence agencies became clearer on Monday, when some Trump administration officials acknowledged that other federal agencies — the State Department, the Department of Homeland Security and parts of the Pentagon — had been compromised. Investigators were struggling to determine the extent to which the military, intelligence community and nuclear laboratories were affected by the highly sophisticated attack.

    United States officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses.

    It was evident that the Treasury and Commerce Departments, the first agencies reported to be breached, were only part of a far larger operation whose sophistication stunned even experts who have been following a quarter-century of Russian hacks on the Pentagon and American civilian agencies.

    About 18,000 private and government users downloaded a Russian tainted software update — a Trojan horse of sorts — that gave its hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised.

    Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the State Department, the Justice Department, parts of the Pentagon and a number of utility companies. While the presence of the software is not by itself evidence that each network was compromised and information was stolen, investigators spent Monday trying to understand the extent of the damage in what could be a significant loss of American data to a foreign attacker.

    The National Security Agency — the premier U.S. intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye. The N.S.A. itself uses SolarWinds software.

    Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency oversaw the successful defense of the American election system last month.

    A government official, who requested anonymity to speak about the investigation, made clear that the Homeland Security Department, which is charged with securing civilian government agencies and the private sector, was itself a victim of the complex attack. But the department, which often urges companies to come clean to their customers when their systems are victims of successful attacks, issued an obfuscating official statement that said only: “The Department of Homeland Security is aware of reports of a breach. We are currently investigating the matter.”

    Parts of the Pentagon were also affected by the attack, said a U.S. official who spoke on the condition of anonymity, who added that they were not yet sure to what extent.

    “The D.O.D. is aware of the reports and is currently assessing the impact,” said Russell Goemaere, a Pentagon spokesman.

    This was the second time in recent years that Russian intelligence agencies had pierced the State Department’s email systems. Six years ago, officials struggled to get Russian hackers out of their unclassified email systems, at times shutting down State’s communications with its own staff in an effort to purge the system.

    Then, as now, State Department officials refused to acknowledge that Russia had been responsible. In an interview with Breitbart Radio News, Secretary of State Mike Pompeo deflected the question with generalities, saying that there had “been a consistent effort of the Russians to try and get into American servers, not only those of government agencies, but of businesses. We see this even more strongly from the Chinese Communist Party, from the North Koreans, as well.”

    In fact, it is the Russians who have been consistently most effective, though in this case it was not clear which State Department systems they had extracted data from or how much. A State Department spokeswoman declined to comment.

    Investigators were also focused on why the Russians targeted the Commerce Department’s National Telecommunications and Information Administration, which helps determine policy for internet-related issues, including setting standards and blocking imports and exports of technology that is considered a national security risk. But analysts noted that the agency deals with some of the most cutting-edge commercial technologies, determining what will be sold and denied to adversarial countries.

    Nearly all Fortune 500 companies, including The New York Times, use SolarWinds products to monitor their networks. So does Los Alamos National Laboratory, where nuclear weapons are designed, and major defense contractors like Boeing, which declined on Monday to discuss the attack.

    The early assessments of the intrusions — believed to be the work of Russia’s S.V.R., a successor to the K.G.B. — suggest that the hackers were highly selective about which victims they exploited for further access and data theft.

    The hackers embedded their malicious code in the Orion software made by SolarWinds, which is based in Austin, Texas. The company said that 33,000 of its 300,000 customers use Orion, and only half of those downloaded the malign Russian update. FireEye said that despite their widespread access, Russian hackers exploited only what was considered the most valuable targets.

    The Cybersecurity and Infrastructure Security Agency on Sunday issued a rare emergency directive warning federal agencies to “power down” the SolarWinds software. But that only prevents new intrusions; it does not eradicate Russian hackers who, FireEye said, planted their own “back doors,” imitated legitimate email users and fooled the electronic systems that are supposed to assure the identities of users with the right passwords and additional authentication.

    “A supply chain attack like this is an incredibly expensive operation — the more you make use of it, the higher the likelihood you get caught or burned,” said John Hultquist, a threat director at FireEye. “They had the opportunity to hit a massive quantity of targets, but they also knew that if they reached too far, they would lose their incredible access.”

    The chief executive officers of the largest American utility companies held an urgent call on Monday to discuss the possible threat of the SolarWinds compromise to the power grid.

    For the N.S.A. and its director, Gen. Paul M. Nakasone, who also heads the U.S. Cyber Command, the attack ranks among the biggest crises of his time in office. He was brought in nearly three years ago as one of the nation’s most experienced and trusted cyberwarriors, promising Congress that he would make sure that those who attacked the United States paid a price.
    https://www.nytimes.com/2020/12/14/u...ml

  2. #2
    Join Date
    Sep 2001
    Location
    Wateree, South Carolina
    Posts
    48,808

    By "Russian" you can bet they mean "Chinese", and it is still scaring them enough to tell Americans about it...

  3. #3
    Join Date
    Apr 2002
    Location
    upstate
    Posts
    9,696

    Russians= Trump's fault

    Chinese= Joe’s fingerprints....


    So it’s definitely Russian
    A vote is like a rifle: its usefulness depends upon the character of the user.

    Theodore Roosevelt; 26th president of US (1858 - 1919)
    ____________________________________________

    “A fear of weapons is a sign of retarded sexual and emotional maturity” Sigmund Freud

  4. #4
    Join Date
    Jan 2003
    Location
    SC
    Posts
    24,410

    It may have been Notre Dame since Clemson was one of the ones hacked. Must have been looking for the playbook.

    Sent from my moto z4 using Tapatalk

  5. #5
    Join Date
    Oct 2007
    Location
    Blythewood
    Posts
    16,973

    Quote Originally Posted by Catdaddy View Post
    It may have been Notre Dame since Clemson was one of the ones hacked. Must have been looking for the playbook.

    Sent from my moto z4 using Tapatalk
    Makes sense.

    They scared.
    "Freedom Isn't Free"
    _Spc. Thomas Caughman
    1983-2004

    Quote Originally Posted by Dook View Post
    Go tigers!

  6. #6
    Join Date
    Jun 2010
    Location
    charleston
    Posts
    8,600

    Two of the most embarrassing breaches came at the Pentagon and the Department of Homeland Security, whose Cybersecurity and Infrastructure Security Agency oversaw the "successful defense of the American election system last month".

    So- everybody was hacked but the voting wasn't touched- BULLSHIT

  7. #7
    Join Date
    Jan 2003
    Location
    SC
    Posts
    24,410

    .

    Sent from my moto z4 using Tapatalk

  8. #8
    Join Date
    Jan 2003
    Location
    SC
    Posts
    24,410

    .

    Sent from my moto z4 using Tapatalk

  9. #9
    Join Date
    Feb 2003
    Location
    united states of america
    Posts
    21,584

    Me?

  10. #10
    Join Date
    Sep 2012
    Posts
    2,191

    Operation flying trike. Fact.

  11. #11
    Join Date
    Jan 2003
    Location
    SC
    Posts
    24,410

    Quote Originally Posted by Sportin' Woodies View Post
    Me?
    Yes,.....Qou

  12. #12
    Join Date
    Feb 2003
    Location
    united states of america
    Posts
    21,584

    Well exquse me

  13. #13
    Join Date
    Sep 2001
    Location
    Wateree, South Carolina
    Posts
    48,808

    Suspected Russian hack is much worse than first feared: Here’s what you need to know

    PUBLISHED FRI, DEC 18
    Sam Shead
    @SAM_L_SHEAD

    The U.S. Cybersecurity and Infrastructure Security Agency said the threat “poses a grave risk to the federal government.”

    LONDON — The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated.

    The Cybersecurity and Infrastructure Security Agency said in a summary Thursday that the threat “poses a grave risk to the federal government.”

    It added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk.

    CISA believes the attack began at least as early as March. Since then, multiple government agencies have reportedly been targeted by the hackers, with confirmation from the Energy and Commerce departments so far.

    “This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” CISA said. “Removing the threat actor from compromised environments will be highly complex and challenging.”

    CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.

    “The magnitude of this ongoing attack is hard to overstate,” former Trump Homeland Security Advisor Thomas Bossert said in a piece for The New York Times on Thursday. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”

    Russian presidential spokesman Dmitry Peskov rejected the accusations, according to the Tass news agency.

    “Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away,” he told Tass. “We have nothing to do with this.”

    The Russian Embassy in London did not immediately respond to CNBC’s request for comment.

    The FBI said Wednesday it is “investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”

    At this stage, it’s not clear what the hackers have done beyond accessing top-secret government networks and monitoring data.

    Hackers also accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, according to the Politico news site, citing officials familiar with the matter.

    CISA said those behind the attack used network management software made by SolarWinds, a Texas-headquartered IT firm, to breach the government networks.

    As many as 18,000 SolarWinds Orion customers downloaded a software update that contained a backdoor, which the hackers used to gain access to the networks.

    The U.S. government is under the ‘hack of a decade’ after massive cyberattack grows

    CISA issued an “emergency directive” this week instructing federal civilian agencies to “immediately disconnect or power down affected SolarWinds Orion products from their network.”

    But the perpetrators may have used other means to access the networks. CISA said Thursday it is investigating “evidence of additional access vectors, other than the SolarWinds Orion platform.”

    Microsoft customers targeted

    Microsoft was hacked in connection with the attack on SolarWinds’ widely used management software, Reuters reported Thursday.

    Like with the cyberattack of SolarWinds, hackers infiltrated Microsoft products and then went after others, Reuters said, citing people familiar with the matter.

    Microsoft said that more than 40 client organizations were compromised in the attack.

    “While roughly 80% of these customers are located in the United States, this work so far has also identified victims in seven additional countries,” Microsoft President Brad Smith said in a blog.

    “This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It’s certain that the number and location of victims will keep growing.”

    Smith added that “this is not espionage as usual” and “while governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy.”

    Security expert advises all organizations to do a ‘proactive threat hunt’ of data

    U.S. President-elect Joe Biden pledged Thursday to make cybersecurity a key area of focus for his administration.

    “A good defense isn’t enough; We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said in a statement issued by his transition team.

    “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”

    President Donald Trump, who has been silent about the hacking, threatened on Thursday to veto the National Defense Authorization Act, which includes money to help prevent such cyberattacks.

    https://www.cnbc.com/2020/12/18/susp...st-feared.html
