Major Cyberattacks Hit US Government Agencies, Russia Prime Suspect
US government agencies, including the departments of Homeland Security, Treasury, and Commerce, were the targets of cyberattacks that resulted in massive data breaches. The attacks, which remained undetected for months, supposedly came from Russian-backed hackers, though the Kremlin denied any involvement.
US officials said this was part of a global cyberespionage campaign, the same that hit cybersecurity firm FireEye just days earlier. As a result, the DHS’s cybersecurity arm issued an emergency directive, urging federal civilian agencies to scan their networks for vulnerabilities and malware.
The full scale of the breach and its damages remains to be seen, but a source familiar with the matter said other entities would come forth in the coming hours and announce they have been compromised. “This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The cyberattack targeted SolarWinds, an IT vendor with a list of prestigious clients, from government agencies to private organizations. That includes the DHS, the Treasury Department, the Justice Department, all five military branches, the NSA, the Postal Service, and 425 of the US Fortune 500 companies.
In its filing with the Securities and Exchange Commission (SEC), SolarWinds said hackers placed a vulnerability in its Orian software updates introduced between March and June this year. The company added that it notified 33,000 customers of the attack but believes only 18,000 were affected. Furthermore, it stated that the threat actors managed to access corporate emails by exploiting Microsoft Office 365 tools.
The Washington Post reported that a well-known Russian hacking group known as Cozy Bear, aka APT29, was behind the incident. The cybercrime gang has links to Russia’s foreign intelligence service SVR, the equivalent to the CIA in the US. However, no federal agency has publicly confirmed that this group was responsible.
Connecting to a VPN server significantly reduces cyber threats by giving users total anonymity. VPNs encrypt Internet traffic, spoof IP addresses, and unblock geo-restricted content. However, you must only consider the best VPNs on the market.