صراط عشق صراط عشق
WASHINGTON (Dispatches) — The U.S. nuclear weapons agency and at least three states were hacked as part of a cyber-attack that struck a number of federal government agencies, according to people with knowledge of the matter cited by the Time magazine, indicating widening reach of one of the biggest cybersecurity breaches in recent memory.
Microsoft said that its systems were also exposed as part of the attack.
U.S. media reports claim hackers with ties to the Russian government are suspected to be behind a well coordinated attack that took advantage of weaknesses in the U.S. supply chain to penetrate several federal agencies, including departments of Homeland Security, Treasury, Commerce and State.
While many details are still unclear, the hackers are believed to have gained access to networks by installing malicious code in a widely used software program from SolarWinds Corp., whose customers include government agencies and Fortune 500 companies, according to the company and cybersecurity experts.
“This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,” the U.S. Cybersecurity and Infrastructure Security Agency said in a bulletin that signaled widening alarm over the breach.
The hackers posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector, the bulletin said. The agency said the attackers demonstrated “sophistication and complex tradecraft.”
The Energy Department and its National Nuclear Security Administration, which maintains America’s nuclear stockpile, were targeted as part of the larger attack, according to a person familiar with the matter.
“At this point, the investigation has found that the malware has been isolated to business networks only,” Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement.
The hack of the nuclear agency was reported earlier by Politico.
Microsoft spokesman Frank Shaw said the company had found malicious code “in our environment, which we isolated and removed.”
In addition, two people familiar with the broader government investigation into the attack said three state governments were breached, though they wouldn’t identify the states. A third person familiar with the probe confirmed that state governments were hacked but didn’t provide a number.
While President Donald Trump has yet to publicly address the hack, President-elect Joe Biden issued a statement Thursday on “what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including U.S. companies and federal government entities.”
Officials said that the Cybersecurity and Infrastructure Security Agency, which has been helping to manage the federal response to the broad hacking campaign, indicated this week that CISA was overwhelmed and might not be able to allocate the necessary resources to respond.
Several top officials from CISA, including its former director ChristopherKrebs, have either been pushed out by the Trump administration or resigned in recent weeks.
Russia has denied any involvement in the attack.
Hynes, the Department of Energy (DOE) spokeswoman, said that efforts were immediately taken to mitigate the risk from the hack, including disconnecting software “identified as being vulnerable to this attack.”
According to Politico, the attack on DOE is the clearest sign yet that the hackers were able to access the networks belonging to a core part of the U.S. national security enterprise. It may have been an effort to disrupt the nation’s bulk electric grid, the website said.
U.S. media reports claim hackers with ties to the Russian government are suspected to be behind a well coordinated attack that took advantage of weaknesses in the U.S. supply chain to penetrate several federal agencies, including departments of Homeland Security, Treasury, Commerce and State.
While many details are still unclear, the hackers are believed to have gained access to networks by installing malicious code in a widely used software program from SolarWinds Corp., whose customers include government agencies and Fortune 500 companies, according to the company and cybersecurity experts.
“This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,” the U.S. Cybersecurity and Infrastructure Security Agency said in a bulletin that signaled widening alarm over the breach.
The hackers posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector, the bulletin said. The agency said the attackers demonstrated “sophistication and complex tradecraft.”
The Energy Department and its National Nuclear Security Administration, which maintains America’s nuclear stockpile, were targeted as part of the larger attack, according to a person familiar with the matter.
“At this point, the investigation has found that the malware has been isolated to business networks only,” Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement.
The hack of the nuclear agency was reported earlier by Politico.
Microsoft spokesman Frank Shaw said the company had found malicious code “in our environment, which we isolated and removed.”
In addition, two people familiar with the broader government investigation into the attack said three state governments were breached, though they wouldn’t identify the states. A third person familiar with the probe confirmed that state governments were hacked but didn’t provide a number.
While President Donald Trump has yet to publicly address the hack, President-elect Joe Biden issued a statement Thursday on “what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including U.S. companies and federal government entities.”
Officials said that the Cybersecurity and Infrastructure Security Agency, which has been helping to manage the federal response to the broad hacking campaign, indicated this week that CISA was overwhelmed and might not be able to allocate the necessary resources to respond.
Several top officials from CISA, including its former director ChristopherKrebs, have either been pushed out by the Trump administration or resigned in recent weeks.
Russia has denied any involvement in the attack.
Hynes, the Department of Energy (DOE) spokeswoman, said that efforts were immediately taken to mitigate the risk from the hack, including disconnecting software “identified as being vulnerable to this attack.”
According to Politico, the attack on DOE is the clearest sign yet that the hackers were able to access the networks belonging to a core part of the U.S. national security enterprise. It may have been an effort to disrupt the nation’s bulk electric grid, the website said.
