Basic Hackers' Trick May Be Behind Epic Breach of US

Russian operatives allegedly hijacked a software patch to gain entry into sensitive agencies
By John Johnson,  Newser Staff
Posted Dec 15, 2020 8:01 AM CST
Behind Epic Breach of US: a Software Patch

It's big. The full scope of a cyberattack by suspected Russian operatives on US government agencies is coming into focus, and the sentiment in coverage can be summed up in this quote from a US official to Politico. "This is probably going to be one of the most consequential cyberattacks in US history,” the official says. "We're dealing with something of a scale that I don't think we've had to deal with before." Coverage:

  • Who got hit: The Department of Homeland Security, the very agency whose mission it is to protect the nation from such attacks, is among the newly revealed victims, reports the Washington Post. Other breaches were at the Pentagon, State Department, the National Institutes of Health, the Commerce Department, and the Treasury Department.

  • What did they get? Unclear. So far, no evidence has surfaced that classified information was compromised. But at this point, "we don't know what's been taken," says Politico's source. This appears to be espionage, not destructive hacking, and the targets were all high-value ones.
  • How did they get in? A software patch. The New York Times reports that hackers believed to be working for Russia compromised a software update from SolarWinds, which makes network-management software widely used by government agencies. The company says fewer than 18,000 of its more than 300,000 customers were compromised. “It’s not about quantity—it's about quality," John Hultquist of the cybersecurity firm FireEye tells the Post.
  • How long? This breach appears to have been in place for about nine months, reports Reuters. It was FireEye, a private firm, that discovered the hack and made it public over the weekend. The Times has this damning line: "Analysts said it was hard to know which was worse: that the federal government was blindsided again by Russian intelligence agencies, or that when it was evident what was happening, White House officials said nothing."
  • Not helping: The DHS has a cybersecurity unit known as the Cybersecurity and Infrastructure Security Agency, but CISA has been in disarray since President Trump fired director Christopher Krebs after Krebs deemed the 2020 election secure, notes Reuters and Politico.
  • Nitty gritty: The tech savvy can dig into this blog post by FireEye about the carefully executed hack, one that left few fingerprints. One takeaway: "This is some of the best operational security that FireEye has observed in a cyber attack, focusing on evasion and leveraging inherent trust."
(More hackers stories.)

Get the news faster.
Tap to install our app.
Install the Newser News app
in two easy steps:
1. Tap in your navigation bar.
2. Tap to Add to Home Screen.