Pompeo: Russia 'pretty clearly' behind major cyberattack on US
19 December, 2020
Russia was "pretty clearly" behind a devastating cyberattack on several US government agencies that also hit targets worldwide, Secretary of State Mike Pompeo said.
Microsoft said late on Thursday that it had notified more than 40 customers hit by the malware, which security professionals say could allow attackers unfettered network access to key government systems and energy grids and other utilities.
"There was a significant effort to employ a little bit of third-party software to essentially embed code inside of US government systems," Mr Pompeo told The Mark Levin Show on Friday.
"This was a very significant effort, and I think it is the case that now we are able to say pretty plainly that it was the Russians that engaged in this activity."
Mr Pompeo may be the highest-ranking official in President Donald Trump's administration to recommend Russian involvement in the attack, with the president himself remaining silent on the problem so far.
Microsoft president Brad Smith said roughly 80 % of the afflicted customers were located in the United States.
"It's certain that the number and location of victims could keep growing," Mr Smith said in a blog page post, echoing concerns voiced this week by US officials on the seriousness of the attack.
"This is simply not 'espionage as usual,' even in the digital age," he said.
"Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world."
John Dickson of the security firm Denim Group said many private sector companies that could be vulnerable were scrambling to shore up security, even to the point of considering rebuilding servers and other equipment.
"Many people are in damage assessment now because it's so big," Mr Dickson said. "It's a severe body blow to confidence both in government and critical infrastructure."
The threat comes from a long-running attack which is thought to have injected malware into computer networks using enterprise management network software created by the Texas-based IT company SolarWinds, with the hallmarks of a nation-state attack.
James Lewis, vice president at the Centre for Strategic and International Studies, said the attack may wrap up being the worst to hit america, eclipsing the 2014 hack of US government personnel records in a suspected Chinese infiltration.
"The scale is daunting. We don't really know what has been taken to ensure that is probably the tasks for forensics," Mr Lewis said.
"We also have no idea what's been left out. The normal practice is to leave something behind to allow them to get back in, later on."
The National Security Agency needed increased vigilance to prevent unauthorised access to key military and civilian systems.
Analysts have said the attacks pose threats to national security by infiltrating key government systems, while also creating risks for controls of key infrastructure systems such as for example energy grids and other utilities.
The US Cybersecurity and Infrastructure Security Agency said government agencies, critical infrastructure entities, and private sector organisations had been targeted by what it named an "advanced persistent threat actor".
CISA didn't identify who was simply behind the malware attack, but private security companies pointed a finger at hackers linked to the Russian government.
Mr Pompeo had also suggested Moscow's involvement on Monday, saying the Russian government had made repeated attempts to breach US government networks.
President-elect Joe Biden expressed "great concern" over the computer breach while Republican Senator Mitt Romney blamed Russia and slammed what he called "inexcusable silence" from the White House.
Mr Romney likened the cyberattack to a predicament where "Russian bombers have been repeatedly flying undetected over our entire country".
CISA said the computer intrusions started out at least as soon as March this season, and the actor behind them had "demonstrated patience, operational security and complex tradecraft".
"This threat poses a grave risk," CISA said on Thursday, adding that it "expects that removing this threat actor from compromised environments will be highly complex and challenging for organisations".
Hackers reportedly installed malware on software employed by the US Treasury Department and the Commerce Department, allowing them to view internal email traffic.
The Department of Energy, which manages the country's nuclear arsenal, confirmed it had also been hit by the malware but had disconnected influenced systems from its network.
"At this time, the investigation has discovered that the malware has been isolated to business networks only, and hasn't impacted the mission essential national security functions of the department, including the National Nuclear Security Administration," agency spokeswoman Shaylyn Hynes said.
SolarWinds said up to 18,000 customers, including government agencies and Fortune 500 companies, had downloaded compromised software updates, allowing hackers to spy on email exchanges.
Russia has denied involvement.
Source: www.thenationalnews.com