The Patriot Files Forums  

Go Back   The Patriot Files Forums > Warfare > Cyber

Post New Thread  Reply
Thread Tools Display Modes
Old 12-18-2020, 05:23 AM
Boats's Avatar
Boats Boats is offline
Senior Member

Join Date: Jul 2002
Location: Chicago, IL
Posts: 19,178
Exclamation Just how bad is that hack that hit US government agencies?

Just how bad is that hack that hit US government agencies?
By: Zack Whittaker - Tech Crunch News - 12-17-20

Spoiler: It's a nightmare scenario

It’s the nightmare scenario that has worried cybersecurity experts for years.

Since at least March, hackers likely working for Russian intelligence have embedded themselves without detection inside the unclassified networks of several U.S. government agencies and hundreds of companies. Sen. Richard Blumenthal appeared to confirm in a tweet that Russia was to blame, citing a classified congressional briefing.

It began Tuesday with news of a breach at cybersecurity giant FireEye, which confirmed it was hacked by a “sophisticated threat actor” using a “novel combination of techniques not witnessed by us or our partners in the past.” The hackers, FireEye said, were primarily interested in information on its government customers, but that they also stole its offensive hacking tools that it uses to stress test its customers’ systems against cyberattacks.

Note: Since the hackers had several months of undetected access to several federal agencies, it’s going to be virtually impossible to know exactly what sensitive government information has been stolen.

The FireEye breach was nothing short of audacious; FireEye has a reputation for being the first company that corporate cyberattack victims will call. But then the news broke that the U.S. Treasury, State, Commerce, the National Institute of Health and Homeland Security — the agency tasked with protecting the government from cyberattacks — had all been infiltrated.

Each of the victims has one thing in common: All are customers of U.S. software firm SolarWinds, whose network management tools are used across the U.S. government and Fortune 500 companies. FireEye’s blog explaining the breach — which didn’t say how it discovered its own intrusion — said the hackers had broken into SolarWinds’ network and planted a backdoor in its Orion software, which helps companies monitor their networks and fleets of devices, and pushed it directly to customer networks with a tainted software update.

SolarWinds said up to 18,000 customers had downloaded the compromised Orion software update, giving the hackers unfettered access to their networks, but that it was unlikely all or even most had been actively infiltrated.

Jake Williams, a former NSA hacker and founder of Rendition Infosec, said hackers would have gone for the targets that got their “biggest bang for their buck,” referring to FireEye and government targets.

“I have no doubt in my mind that had the Russians not targeted FireEye we would not know about this,” Williams said, praising the security giant’s response to the attacks. “We’re going to find more government agencies that were breached. They’re not detecting it independently. This only got discovered because FireEye got hit,” he said.

The motives of the hackers aren’t known, nor do we know yet if any other major private companies or government departments had been hacked. Microsoft on Wednesday seized an important domain used by the attackers, which may give the company some visibility into other victims that have been actively infiltrated.

Russia, for its part, has denied any involvement.

These kinds of so-called “supply chain attacks” are difficult to defend against and can be near impossible to detect. You might imagine someone sneaking a hardware implant into a device on the manufacturing line. In this case, hackers injected backdoor code in the software’s development process.

Supply chain attacks are rare but can have devastating consequences. Last year hackers broke into computer maker Asus’ network and similarly pushed a backdoor to “hundreds of thousands” of Asus computers through its own software update tool. The NotPetya ransomware attack that spread across the globe in 2017 spread by pushing malicious code through the update feature in a popular Ukrainian accounting software, used by almost everyone who files taxes in the country.

So now what?
How soon can we fix the issue?
Will it be safe?
Seems they don't know yet! But they are really worried!

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

sendpm.gif Reply With Quote
Sponsored Links

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 10:13 PM.

Powered by vBulletin, Jelsoft Enterprises Ltd.