US Secretary of State Mike Pompeo revealed Friday that Russia was behind the wide-ranging cyberattack on America’s government systems – including those of high-security departments.
“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity,” Pompeo said during an interview on “The Mark Levin Show.”
“This was a very significant effort. . . . We’re still unpacking precisely what it is.”
US intelligence agencies who spoke with Congress believe the attack was carried out by the S.V.R., an elite Russian intelligence agency, according to a report by The New York Times.
Last Thursday the nation’s Cybersecurity and Infrastructure Security Agency sent out an urgent warning that the hackers had “demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks.”
National Security Adviser Robert O’Brien had cut short a trip and returned home from the Middle East and Europe last Tuesday after private cybersecurity firm FireEye raised the alarm.
On Monday, at the start of the week, Trump administration officials first publicly acknowledged that the hack had compromised the Treasury and Commerce Departments, the State Department, parts of the Pentagon and the Department of Homeland Security, among others.
The hack appeared to have come through a type of Trojan horse that was downloaded in a malicious Russian update to the Orion software, a network-monitoring product made by the Austin, Texas-based SolarWinds Corp.
According to The New York Times, “nearly all Fortune 500 companies,” including The Times itself, use SolarWinds products to monitor their networks, as does the Los Alamos National Laboratory, where nuclear weapons are designed.
But according to Dvir Sasson, head of research for the Tel Aviv-based security firm CyberInt, the hackers do not have access to nuclear weapons and codes despite the breach, because weapons systems are usually isolated from the traditional internet.
DOE spokesperson Shaylyn Hynes confirmed Thursday that a review had determined the attack was limited so far to business networks only and had not spread to “mission essential national security functions of the department, including the National Nuclear Security Administration.”
“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network,” Hynes said.
Nevertheless, the attack is not over, Sasson warned in an interview with USA Today, adding that understanding its full extent will take “a very long time.”
“It’s not unlike contact tracing during a pandemic in that we are already finding that the impact and scale of this campaign is much larger than originally understood. In less than a week, this has grown from one security vendor being hacked … to a major assault on significant government agencies and businesses across the globe,” Sasson said.
A number of the companies that were attacked oversee critical infrastructure throughout the country, such as the nation’s power grid.
Meanwhile, Russia has denied any involvement. Russia’s ambassador to the United States, Anatoly I. Antonov, said last Wednesday there were “unfounded attempts by the US media to blame Russia” for the attacks.
Microsoft, based in Redmond, Washington, said last week it had identified nearly 20 private technology firms that were hacked in the attack; another 20 government agencies and think tanks were also infiltrated. Microsoft Corp. said on Thursday it found malicious software in its own systems related to the massive hacking campaign. The company also uses Orion, the widely deployed network management software from SolarWinds Corp.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said.