Alleged Russian SolarWinds Hack Poses 'Grave Risk' To U.S. Government

The Cybersecurity and Infrastructure Security Agency (CISA) warned on Thursday that the alleged Russian hack of SolarWinds software poses a "grave risk" to the U.S. government.

News broke over the weekend that SolarWinds Orion software had been compromised as far back as March. Hackers managed to insert malware into a software update that was then downloaded and used by thousands of SolarWinds clients—which included top government agencies as well as more than 400 Fortune 500 companies. Although the damage is still being investigated, cybersecurity experts, lawmakers and government officials have emphasized the seriousness of the hack.

"This APT [advanced persistent threat] actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations," CISA, an agency operating under the Department of Homeland Security (DHS), said in a Thursday statement.


CISA went on to warn that the hack "poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations." The DHS agency explained that the hackers appear to be "a patient, well-resourced, and focused adversary" and stressed that the SolarWinds Orion breach is "not the only initial infection vector this APT actor leveraged."

"CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated," the agency said.

DHS, the Treasury Department and the Commerce Department are among the agencies reportedly compromised by hackers. Although the perpetrator has not been publicly confirmed, Russia has emerged as the prime suspect. Cybersecurity experts and government officials have pointed to the sophistication and nature of the attack to argue that Russia is likely behind the hack.

A spokesperson for Russian President Vladimir Putin and the country's embassy in Washington, D.C. have both denied any involvement. Such denials would be expected, however, as nation states generally do not admit involvement in hacks and espionage against other nations. Other nations—including China, Iran and North Korea—have recently been accused of carrying out cyberattacks targeting American entities.

Fortalice CEO Theresa Payton, who oversaw IT operations as White House chief information officer under former President George W. Bush, told CNBC's Squawk Box on Wednesday that "essentially the design [of the SolarWinds hack] gives the opportunity for cyber operatives to have what we refer to in the industry as 'God access' or the 'God door.'"

In a Monday filing with the SEC, SolarWinds said that nearly 18,000 users may have been impacted by the compromise. But it's still unclear what specific clients may have had data monitored or stolen as an investigation involving the FBI continues. A SolarWinds source told Newsweek that the company has been collaborating and sharing information throughout this process with CISA and other agencies to assist in getting to the bottom of the hack.

"This SolarWinds event was a huge supply-chain cyber hack and it shows that the extended supply chain is the soft underbelly of our national defense and economy," Jennifer Bisceglie, CEO of Interos, a company focused on supply chain risk management and cybersecurity, told Newsweek in an email.

"Attacks of this nature will only continue to increase in frequency and severity. We need a common organizational framework and set of tools that enable organizations to share supply chain threat analysis before the next threat materializes—not after," Bisceglie said.

Updated December 17, 2020 at 2:14 p.m. ET: A comment from a SolarWinds source has been added, as has a comment from Jennifer Bisceglie of Interos.