A Reuters report last week stated that a group of hackers backed by a foreign government carried out a cyberattack on the US Treasury and a division of the US Department of Commerce, and the Trump administration has acknowledged this.
One person familiar with the matter said: "The hack is very dangerous; so much so that it led to a meeting of the National Security Council at the White House on Saturday." A number of federal agencies have taken part in the investigation, including the Federal Bureau of Investigation (FBI).
Reports so far indicate that the breach involved several US government agencies, and that it may be the largest compromise of government systems since the Obama administration, or perhaps ever.
This raises an important question: how did the attackers penetrate so many US government agencies at once?
It started on December 8, when the cybersecurity company FireEye discovered that its own systems had been compromised. The company later revealed that the attackers had first compromised the software company SolarWinds and then used its update channel to distribute a software update for the Orion platform that carried malware, in order to infect the networks of many US government agencies and companies that installed it.
The malware delivered through the Orion platform updates (Orion is a SolarWinds product) may have given the attackers access to various government systems for several months: initial reports indicate that the intrusions began in March.
SolarWinds says it has more than 300,000 customers around the world, most notably the US Army, the Department of Defense, the Department of Justice, the State Department, the Department of Commerce and the Treasury, as well as more than 400 of the major companies on the Fortune 500 list.
However, not all of its customers are affected by this hack, because the compromise only concerns those who use the Orion platform, and within that group only those who installed the updates that contained the malware.
"It informed about 33,000 of its customers who use the Orion platform of the risks posed by the updates that contained malware," SolarWinds said in a filing with the US Securities and Exchange Commission. The company also said in its statement that it believes the actual number of potentially exposed customers is fewer than 18,000.
SolarWinds has since released updates intended to remove the malicious code, and it apologized for any inconvenience.
The US security services are currently assessing exactly which departments have been breached and what information has been accessed. So far, the Commerce Department has confirmed it was hacked, and there are reports that the Treasury, the State Department, the Department of Homeland Security, parts of the Pentagon and the National Institutes of Health were also affected. More US government agencies are likely to be named in the coming days.
Who is responsible for this major breach?
According to officials familiar with the matter, the group held responsible for this intrusion so far is a group of hackers associated with Russian intelligence, known as Cozy Bear and also tracked as APT29, although Russia has denied any involvement.
This group has also been linked to the breach of the Democratic National Committee and of accounts belonging to Hillary Clinton campaign staff during the 2016 US election, as well as to the hacking of White House and State Department networks in 2014.
The Cozy Bear group is also believed to be behind recent attacks on various organizations developing vaccines for the coronavirus (Covid-19).
The Russian embassy said in a statement on Monday: "Malicious activities in the field of cybersecurity are inconsistent with the principles of Russian foreign policy, national interests and our understanding of inter-state relations. Russia does not carry out offensive operations in the field of cybersecurity."
The US government has so far refrained from making any formal attribution and has only said that its security services are investigating. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week ordering federal civilian agencies to immediately disconnect the affected products from their networks.
John Ullyot, a spokesman for the National Security Council, said in a statement: "The National Security Council is working closely with CISA, the FBI, the intelligence community, and the affected departments and agencies to identify the damage and coordinate a rapid and effective recovery across the government."