
US sees ‘grave risk’ in scope of hack targeting key infrastructure

CISA update on SolarWinds hack says removing attackers from compromised networks will be ‘highly complex and challenging’

17 December 2020 - 22:55 William Turton
Washington — The suspected Russian hacking spree that has roiled US government agencies poses a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector, according to an advisory posted on Thursday.

The Cybersecurity and Infrastructure Security Agency, or CISA, said the hackers demonstrated “sophistication and complex tradecraft” in the attacks. Removing the attackers from compromised networks will be “highly complex and challenging”, according to the advisory.

Though President Donald Trump has yet to comment on the attacks, president-elect Joe Biden issued a statement on Thursday on “what appears to be a huge cybersecurity breach affecting potentially thousands of victims, including US companies and federal government entities”.

“I want to be clear: My administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office,” Biden said, pledging to impose “substantial costs on those responsible for such malicious attacks”.

Despite Trump’s silence, Robert O’Brien, his national security adviser, cut short a multi-country trip to Europe to return to the US to address the suspected Russian hack, signalling growing alarm within the Trump administration about a cyber espionage campaign considered potentially one of the most damaging in years.

The attackers got into computer networks by installing a vulnerability in Orion software from SolarWinds, which is widely used by government agencies and the private sector. CISA said it had evidence that the hackers also used other methods to infiltrate networks, in addition to Orion software. Those remain under investigation.

“This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,” CISA said in its bulletin.

Without mentioning Russia, CISA attributed the attack to an “advanced persistent threat actor”, a term used to describe hacking teams associated with nation-states.

CISA’s parent organisation, the Department of Homeland Security, was among those breached in the attack, in addition to the Departments of the Treasury, Commerce and State, according to a person familiar with the matter.

