US Military Taking 'Targeted Actions' Against 'Wide-Spread, Evolving' Hack

The Pentagon's combat support agency tasked with information technology and communications support has said it's taking active measures to investigate potential intrusions and guard against future threats after a massive hack that infiltrated across at least several departments of the U.S. federal government.

"We are aware of the wide-spread and evolving cyber incident," Navy Vice Admiral Nancy Norton, director of the Defense Information Systems Agency and commander of Joint Force Headquarters - Department of Defense Information Network (DODIN), said in a statement sent Wednesday to Newsweek.

"We continue to assess our DOD Information Networks for indicators of compromise and take targeted actions to protect our systems beyond the defensive measures we employ each day," the statement continued.

And while the affected software company, SolarWinds, is used by all five branches of the U.S. military, Norton noted that no evidence of illicit entry had yet been detected.

"To date, we have no evidence of compromise of the DODIN," the statement added. "We will continue to work with the whole-of-government effort to mitigate cyber threats to the nation."

us, air, force, cyber, warfare
A staff sergeant assigned to the 175th Cyberspace Operations Group of the Maryland Air National Guard monitors live cyber attacks on the operations floor of the 27th Cyberspace Squadron, known as the Hunter's Den, at Warfield Air National Guard Base, Middle River, Maryland, June 3, 2017. J.M. Eddins Jr./Airman Magazine/U.S. Air Force

While the full extent of what appeared to be a sprawling, months-long cyberespionage operation that exploited an Orion software update dating to May remains unclear, both public and private sector institutions are scrambling to evaluate their defenses.

Among U.S. agencies, the Treasury Department and Department of Commerce have acknowledged their networks were affected by the so-called supply chain attack, with media reports indicating the Department of Homeland Security, the State Department and the National Institutes of Health and others have joined the list.

Unnamed U.S. officials cited in major outlets have pointed to Russia as the top suspect, but Moscow's embassy in Washington has denied responsibility.

In a statement reiterated to Newsweek, the embassy dismissed what it argued to be "unfounded attempts of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies."

"We declare responsibly: malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations," the embassy said. "Russia does not conduct offensive operations in the cyber domain."

Without specifically blaming Moscow for the SolarWinds operation, Secretary of State Mike Pompeo told the Ben Shapiro Show on Tuesday that "Russian efforts to use cyber capabilities against us here in the United States is something that's been consistent certainly for – goodness, I guess I was in Congress six years and now four years in the administration."

He accused the Kremlin of attempting to interfere in the past four elections, saying President Donald Trump—who is accused by Democrats of colluding with Russia to win in 2016—has met with success in curbing Moscow's alleged bad behavior, though it remains a persistent problem.

"This is a real challenge," Pompeo said. "We have imposed costs on the Russians. We've urged them to cease this kind of malign activity. But they are a real challenge."

In a joint statement sent to Newsweek the following day, the Office of the Director of National Intelligence said its officials, along with FBI and the Cybersecurity and Infrastructure Security Agency (CISA), had "become aware of a significant and ongoing cybersecurity campaign."

The three agencies have divided the labor in tackling the issue.

The FBI "is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors," while also "engaging with known and suspected victims, and information gained through FBI's efforts will provide indicators to network defenders and intelligence to our government partners to enable further action," the statement said.

CISA, which issued an emergency directive on Sunday in response to the hack's detection, "is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises," according to the statement.

ODNI, for its part, "is helping to marshal all of the Intelligence Community's relevant resources to support this effort and share information across the United States Government."

Other U.S. agencies referred Newsweek to the National Security Council's announcement Tuesday of the formation of a Cyber Unified Coordination Group to investigate the incident.

A U.S. Cyber Command spokesperson told Newsweek on Monday it "is postured for swift action should any defense networks be compromised. An official with the U.S.-led NATO Western military alliance, some of whose networks also used SolarWinds software, said Tuesday that "cyber defence is a core part of our collective defence."