Hackers' broad attack sets cyber experts worldwide scrambling to defend networks
ADVERTISEMENT

Welcome, Kapamilya! We use cookies to improve your browsing experience. Continuing to use this site means you agree to our use of cookies. Tell me more!
Hackers' broad attack sets cyber experts worldwide scrambling to defend networks
Jack Stubbs,
Reuters
Published Dec 19, 2020 02:14 PM PHT

Suspected Russian hackers who broke into US government agencies also spied on less high-profile organizations, including groups in Britain, a US internet provider and a county government in Arizona, according to web records and a security source.
Suspected Russian hackers who broke into US government agencies also spied on less high-profile organizations, including groups in Britain, a US internet provider and a county government in Arizona, according to web records and a security source.
More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage as a senior official in the outgoing administration of US President Donald Trump explicitly acknowledged Russia's role in the hack for the first time.
More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage as a senior official in the outgoing administration of US President Donald Trump explicitly acknowledged Russia's role in the hack for the first time.
US Secretary of State Mike Pompeo said on the Mark Levin radio show: "I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."
US Secretary of State Mike Pompeo said on the Mark Levin radio show: "I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity."
Networking gear maker Cisco Systems Inc said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company's ongoing probe said fewer than 50 were compromised.
Networking gear maker Cisco Systems Inc said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company's ongoing probe said fewer than 50 were compromised.
ADVERTISEMENT
RELATED STORIES:
In Britain, a small number of organizations were compromised and not in the public sector, a security source said.
In Britain, a small number of organizations were compromised and not in the public sector, a security source said.
Shares in cyber security companies FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.
Shares in cyber security companies FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.
Reuters identified Cox Communications Inc and Pima County, Arizona government as victims of the intrusion by running a publicly available coding script from researchers at Moscow-based private cybersecurity firm Kaspersky.
Reuters identified Cox Communications Inc and Pima County, Arizona government as victims of the intrusion by running a publicly available coding script from researchers at Moscow-based private cybersecurity firm Kaspersky.
The hack hijacked ubiquitous network management software made by SolarWinds Corp. Kaspersky decrypted online web records left behind by the attackers.
The hack hijacked ubiquitous network management software made by SolarWinds Corp. Kaspersky decrypted online web records left behind by the attackers.
The breaches of US government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy.
The breaches of US government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy.
ADVERTISEMENT
In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said.
In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said.
Trump has not said anything publicly about the intrusion. He was being briefed "as needed," White House spokesman Brian Morgenstern told reporters. National security adviser Robert O'Brien was leading interagency meetings daily, if not more often, he said.
Trump has not said anything publicly about the intrusion. He was being briefed "as needed," White House spokesman Brian Morgenstern told reporters. National security adviser Robert O'Brien was leading interagency meetings daily, if not more often, he said.
"They're working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we're just not going to tell our adversaries what we do to combat these things," Morgenstern said.
"They're working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we're just not going to tell our adversaries what we do to combat these things," Morgenstern said.
RELATED VIDEO:
No determinations have been made on how to respond or who was responsible, a senior US official said.
No determinations have been made on how to respond or who was responsible, a senior US official said.
SolarWinds, which disclosed its unwitting role at the center of the global hack on Monday, has said that up to 18,000 users of its Orion software downloaded a compromised update containing malicious code planted by the attackers. The attack was believed to be the work of an "outside nation state," SolarWinds said in a regulatory disclosure.
SolarWinds, which disclosed its unwitting role at the center of the global hack on Monday, has said that up to 18,000 users of its Orion software downloaded a compromised update containing malicious code planted by the attackers. The attack was believed to be the work of an "outside nation state," SolarWinds said in a regulatory disclosure.
ADVERTISEMENT
People familiar with the matter have said the hackers were believed to be working for the Russian government. Kremlin spokesman Dmitry Peskov dismissed the allegations.
People familiar with the matter have said the hackers were believed to be working for the Russian government. Kremlin spokesman Dmitry Peskov dismissed the allegations.
On Friday, US Representative Stephen Lynch, head of the House of Representatives Committee on Oversight and Reform panel's national security subcommittee, said the information provided by the Trump administration was "very disappointing."
On Friday, US Representative Stephen Lynch, head of the House of Representatives Committee on Oversight and Reform panel's national security subcommittee, said the information provided by the Trump administration was "very disappointing."
"This hack was so big in scope that even our cybersecurity experts don't have a real sense yet in terms of the breadth of the intrusion itself," adding that it would take some time to fully vet all the agencies and targets.
"This hack was so big in scope that even our cybersecurity experts don't have a real sense yet in terms of the breadth of the intrusion itself," adding that it would take some time to fully vet all the agencies and targets.
The breach appeared to provide President-elect Joe Biden with an immediate headache when he takes office on Jan. 20. His transition team's executive director Yohannes Abraham told reporters on Friday there would be "substantial costs" and the incoming administration "will reserve the right to respond at a time and in a manner of our choosing, often in close coordination with our allies and partners."
The breach appeared to provide President-elect Joe Biden with an immediate headache when he takes office on Jan. 20. His transition team's executive director Yohannes Abraham told reporters on Friday there would be "substantial costs" and the incoming administration "will reserve the right to respond at a time and in a manner of our choosing, often in close coordination with our allies and partners."
Microsoft, one of the thousands of companies to receive the malicious update, said it had notified more than 40 customers whose networks were further infiltrated by the hackers.
Microsoft, one of the thousands of companies to receive the malicious update, said it had notified more than 40 customers whose networks were further infiltrated by the hackers.
ADVERTISEMENT
Around 30 of those customers were in the United States, Microsoft said, with the remaining victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Most worked with information technology companies, some think tanks and government organizations.
Around 30 of those customers were in the United States, Microsoft said, with the remaining victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Most worked with information technology companies, some think tanks and government organizations.
FROM THE ARCHIVE
Read More:
US
United States
cyber attack
cyber crime
hacking
hackers
Russia
Russian hackers
Mike Pompeo
Cisco Systems Inc
ADVERTISEMENT
ADVERTISEMENT