The widespread assault by hackers is forcing cyber specialists around the globe to defend networks
By Jack Stubbs
(Reuters) – Suspected Russian hackers who broke into US government agencies have also spied on lesser-known organizations, including groups in the UK, a US internet service provider and a county government in Arizona, according to web records and a security source.
Further details were revealed on Friday of the cyber espionage campaign, which has computer network security teams around the world seeking to limit the damage, as a senior official in the outgoing administration of US President Donald Trump explicitly acknowledged Russia’s role in the hack for the first time.
Secretary of State Mike Pompeo said on the Mark Levin radio show, “I think now we can say pretty clearly that it was the Russians who took part in this activity.”
Network equipment maker Cisco Systems Inc said a limited number of machines with malicious software had been found in some of its laboratories without saying if anything had been done. A person familiar with the company’s ongoing investigation said fewer than 50 had been compromised.
In the UK, a small number of organizations have been compromised, none of them in the public sector, a security source said.
Shares of cyber security firms FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet the deluge of disclosures from Microsoft Corp and others would increase the demand for security technology.
Reuters identified Cox Communications Inc and the government of Pima County, Arizona, as victims of the intrusion by running a publicly available encoding script (https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/) from researchers at Moscow-based private cybersecurity firm Kaspersky. The hack hijacked the ubiquitous network management software from SolarWinds Corp. Kaspersky decrypted online web records left behind by the attackers.
The breaches of US government agencies, which Reuters first uncovered on Sunday, included the Department of Homeland Security, Treasury Department, State Department and Department of Energy. In some cases, the breaches involved monitoring emails, but it was unclear what hackers were doing while infiltrating networks, cybersecurity experts said.
Trump has not said anything publicly about the intrusion. He was briefed “as needed,” White House spokesman Brian Morgenstern told reporters. National security adviser Robert O’Brien was leading inter-agency meetings daily, if not more often, he said.
“You are working very hard to contain it and make sure that our country is safe. We will not go into too many details because we will simply not tell our opponents what we are doing to fight these things,” said Morgenstern.
No decisions have been made about how to respond or who is responsible, according to a senior US official.
SolarWinds, which on Monday disclosed its unwitting role at the center of the global hack, said that up to 18,000 users of its Orion software had downloaded a compromised update containing malicious code planted by the attackers. The attack was believed to be the work of an “external nation-state,” SolarWinds said in a regulatory disclosure.
People familiar with the matter have said the hackers are believed to be working for the Russian government. Kremlin spokesman Dmitry Peskov denied the allegations.
On Friday, US Representative Stephen Lynch, chairman of the National Security Subcommittee of the House Oversight and Reform Committee, said the information from the Trump administration was “very disappointing.”
“This hack was so extensive that even our cybersecurity experts still have no real sense of the breadth of the intrusion itself,” he said, adding that it would take some time to fully review all agencies and targets.
The breach appeared to present an immediate headache for President-elect Joe Biden when he takes office on Jan. 20. The executive director of his transition team, Yohannes Abraham, told reporters Friday that there would be “a substantial cost” and that the incoming administration “reserves the right to act at a time and in a manner of our choosing, often in close consultation with our allies and partners.”
Microsoft, one of the thousands of companies that received the malicious update, said it had notified more than 40 customers whose networks were further infiltrated by the hackers.
According to Microsoft, around 30 of these customers were in the United States. The remaining victims were found in Canada, Mexico, Belgium, Spain, Great Britain, Israel and the United Arab Emirates. Most worked with information technology companies, some think tanks, and government organizations.