The National Security Council announced the establishment of a Cyber Unified Coordination Group to deal with the massive cyberattack believed to have been conducted by foreign hackers that has rattled the U.S. government as well as organizations around the world.
“Pursuant to Presidential Policy Directive-41 (26 July 2016) and its Annex, a Cyber Unified Coordination Group has been established to ensure continued unity of effort across the United States Government in response to a significant cyber incident,” NSC spokesman John Ullyot said in a statement on Tuesday. “The UCG process facilitates continuous and comprehensive coordination for whole-of-government efforts to identify, mitigate, remediate, and respond to this incident. The highly-trained and experienced professionals across the government are working diligently on this matter.”
The Homeland Security Department’s Cybersecurity and Infrastructure Security Agency issued a governmentwide emergency directive just before midnight on Sunday ordering federal agencies to disconnect or power down potentially compromised SolarWinds Orion servers, after discovering that, at the very least, the Treasury and Commerce departments were victims of a monthslong cyberattack campaign suspected by many to be a Russian hacking effort.
The presidential directive cited by the NSC on Tuesday, signed by then-President Barack Obama, states that a Cyber Unified Coordination Group “shall serve as the primary method for coordinating between and among Federal agencies in response to a significant cyber incident as well as for integrating private sector partners into incident response efforts, as appropriate” when the NSC requests its formation or when “a significant cyber incident … could reasonably result in catastrophic regional or national effects on public health or safety, economic security, or national security.”
SolarWinds acknowledged Sunday night that its systems had been compromised by hackers who infiltrated the company’s Orion software updates in order to distribute malware to its customers’ computers.
The U.S. network-management company, which said roughly 18,000 of its customers were impacted by the cyberattack, has over the past day removed from its website any mention of its high-profile customers. A Google web cache of SolarWinds’s website from Monday shows a “customers” page that boasted its 300,000 customers included “more than 425 of the US Fortune 500,” the 10 biggest telecommunications companies in the U.S., “all five branches” of the U.S. military, and a number of government agencies, including the State Department, National Security Agency, Justice Department, and the Office of the President. That list is now gone.
“We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products,” Kevin Thompson, the president and CEO of the company, told the Washington Examiner in a statement over the weekend. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state.”
The Homeland Security Department, the State Department, and the National Institutes of Health were also victims of the cyberintrusion, according to “experts” cited by the Washington Post on Monday night.
Secretary of State Mike Pompeo told the Washington Examiner on Monday that he wouldn’t comment on the alleged Russian hack specifically, though he said that “it is clear that the Russians continue to engage in malign cyberactivity around the world.” Pompeo also told Breitbart Radio: “I can’t say much other than it’s been a consistent effort of the Russians to try and get into American servers.”
“The Department of Homeland Security is aware of reports of a breach. We are currently investigating the matter,” DHS spokesman Alexei Woltornist told the Washington Examiner over the weekend. NIH did not respond to a request for comment.
“Looking at it right now, don’t have anything definitive,” acting Secretary of Defense Chris Miller told CBS News on Tuesday when asked if defense networks had been compromised by the hack. “Obviously, very concerned about it and looking into it very closely.”
FireEye, a cybersecurity firm that works with government agencies to expose and fight foreign cyberattacks, reported it discovered a “highly evasive attacker” had infiltrated SolarWinds’s Orion software updates. The firm announced last week that it had itself also been hacked.
Vinoth Kumar, a cybersecurity researcher, told Reuters Tuesday he had alerted SolarWinds last year that the company’s update server could be accessed by anyone using the password “solarwinds123.” The outlet also said Kyle Hanslovan, CEO of the Huntress cybersecurity firm, “noticed that, even days after SolarWinds realized their software had been compromised, the malicious updates were still available for download.”
If Russian culpability is established for the hacks of U.S. government agencies, it would hark back to Russia’s large-scale hacking of the State Department in 2014. Actors affiliated with Russian military intelligence were also named by the U.S. as being responsible for the hacking of the Democratic National Committee’s email systems in 2016.