U.S. Sees ‘Grave Risk’ as Scope of Russia-Linked Hacking Widens

The suspected Russian hacking spree that has roiled U.S. government agencies posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector, according to an advisory posted Thursday.

The Cybersecurity and Infrastructure Security Agency, or CISA, said the hackers demonstrated “sophistication and complex tradecraft” in their attacks. Removing the attackers from compromised networks will be “highly complex and challenging,” according to the advisory.

The attackers got into computer networks by installing a vulnerability in Orion software from SolarWinds Corp., which is widely used by government agencies and the private sector. CISA said it has evidence that the hackers also used other methods to infiltrate networks, in addition to Orion software. Those remain under investigation.

“This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,” the agency says in the bulletin.

Hackers tied to the Russian government are suspected in the attack. CISA attributed it to an “advanced persistent threat actor,” a term used to describe hacking teams associated with nation-states.

CISA’s parent organization, the Department of Homeland Security, was among those breached in the attack, in addition to the departments of Treasury, Commerce and State, according to a person familiar with the matter.
