Friday, December 18, 2020

US nuclear weapons agency breached in cyber attack

CISA has warned about the difficulty of completely 
ridding the government network of malware



Dev Kundaliya
18 December 2020

The SolarWinds hack - an extensive cyber-espionage campaign that has affected multiple US federal agencies - also compromised the networks of the National Nuclear Security Administration (NNSA) and US Department of Energy (DoE).

Citing official familiar with the matter, Politico reports that the NNSA, which is responsible for maintaining the USA's stockpile of nuclear weapons, has evidence that the hackers accessed its networks as part of the attack, first reported on the 13th December.

Officials found suspicious activity in the networks of the DoE's Richland Field Office, the Federal Energy Regulatory Commission (FERC), the Office of Secure Transportation, and the Sandia and Los Alamos national laboratories in Washington and New Mexico.

The cyber attack caused the most damage to the FERC's network, it claimed.

Shaylyn Hynes, a DoE spokesperson, told Politico that the initial investigation has found that the malware did not impact the mission critical national security functions of the department.

"When DoE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DoE network," she said.

In a statement on Thursday, the Cybersecurity and Infrastructure Security Agency (CISA) warned that it might be difficult to eliminate the malware completely through network software.

"Removing this threat actor from compromised environments will be highly complex and challenging for organisations," the agency said. "The FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors."

SolarWinds, the company behind the software the hackers targeted, stated earlier this week that hackers with ties to an "outside nation state" breached the company's network and inserted malicious code into a Windows DLL file used by their Orion network management software.

The company said that updates to the software were issued between March and June of this year, and fewer than 18,000 customers are thought to have downloaded the compromised update.

Earlier, the US government also acknowledged media reports that hackers backed by a foreign government were able to compromise the computer networks of the US Treasury Department and an agency within the Commerce Department.

On Wednesday, it emerged that cybersecurity giant FireEye, whose own networks were recently compromised by the hackers, teamed up with Microsoft and the domain registrar GoDaddy to create a killswitch for the Sunburst backdoor which was used by attackers to target networks of federal agencies.

The Federal Bureau of Investigation (FBI) and other agencies are expected to brief the members of Congress about the security breach on Friday.











No comments: