US Vows 'Swift Action' if Defense Networks Hit by Alleged Russia Hack

The U.S. military's cyberwarfare branch has promised a quick response if the nation's defense networks were found to have been infiltrated in a major hack that has rocked the federal government.

As of Monday afternoon, the Department of Commerce and the Department of the Treasury have acknowledged that their communications were affected by an as-yet-unidentified perpetrator exploiting a vulnerability in an update to Orion products offered by software company SolarWinds. A third agency, the Department of Homeland Security, is also believed to have been affected, according to Reuters.

The full extent of the breach has yet to be identified, but SolarWinds' extensive customer list includes a range of other U.S. government agencies, including all five branches of the military. Contacted by Newsweek, the Defense Department's cyber-focused combatant command said it was prepared to act immediately if its communications were determined to have been impacted.

"U.S. Cyber Command is postured for swift action should any defense networks be compromised," a spokesperson for the command told Newsweek. "We are in close coordination with our interagency, coalition, industry, and academic partners to assess and mitigate this issue. As is our mission, we will continue to conduct cyberspace operations in defense of our Nation."

A Pentagon spokesperson referred Newsweek to the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA)—which on Sunday issued an emergency directive in response to the breach—and the White House's National Security Council.

"The Department of Homeland Security is aware of reports of a breach," DHS spokesperson Alexei Woltornist said in a statement sent to Newsweek. "We are currently investigating the matter."

The Federal Bureau of Investigation (FBI) also referred Newsweek to the National Security Council, which issued a statement earlier Monday.

"The NSC is working closely with @CISAgov, @FBI, the intelligence community, and affected departments and agencies to coordinate a swift and effective whole-of-government recovery and response to the recent compromise," the National Security Council tweeted in a statement attributed to spokesperson John Ullyot.

Two other U.S. entities, the Central Intelligence Agency and the Office of the Director of National Intelligence, declined Newsweek's request for comment.

A sailor with 553 Cyber Protection Team opens a network monitoring program during I Marine Expeditionary Force Large Scale Exercise 2016 involving U.S. Cyber Command at Marine Corps Air Station Miramar, California, August 22, 2016. Corporal Garrett White/I Marine Expeditionary Force

SolarWinds has yet to identify the culprit, nor has the U.S. government or the scores of other affected agencies and companies, which include 425 firms of the Fortune 500 and all top-10 U.S. telecommunications networks.

News of the intrusion comes days after leading cybersecurity firm FireEye revealed in a blog post by CEO Kevin Mandia that it had been "attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack."

No actor was named, though Mandia described the country as "a nation with top-tier offensive capabilities."

A follow-up post published Sunday by the company and a separate post that same day by Microsoft revealed that the hack on SolarWinds, which also admitted the attack, is believed to have led to the FireEye breach. SolarWinds is believed to have first been breached by trojanized updates dated between March and May of this year.

Reuters and the Associated Press have cited unnamed sources tying Russia to the operation, but Moscow's embassy in Washington denied any culpability.

"We paid attention to another unfounded attempt of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies," the embassy said in a statement Monday. "We declare responsibly: malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations. Russia does not conduct offensive operations in the cyber domain."

The embassy said that the Kremlin had tried in vain to bolster cybersecurity cooperation between the U.S. and Russia, including through a September 25 proposal from President Vladimir Putin.

"We have received no reply from Washington," the embassy added. "Many of our other suggestions to start constructive and equal dialogue with the U.S. remain unanswered."

For decades, dating back to the Cold War, Washington has accused Moscow of attempting to subvert U.S. information networks. Attention to such allegations increased exponentially when the U.S. intelligence community accused the Kremlin of a concerted effort to influence the 2016 U.S. presidential election in favor of President Donald Trump.

The Justice Department charged six Russian hackers suspected to be affiliated with the Russian military's Main Directorate of the General Staff, also called the Main Intelligence Directorate (GRU), for computer intrusions and attacks on targets across a number of countries.

Russian officials deny any connection to such operations, and have repeatedly denied media reports regarding alleged ties between the Russian government and the SolarWinds operation.

A partial list of SolarWinds customers as per the company's website as seen on December 14. SolarWinds

"I reject these statements, these accusations once again," Kremlin spokesperson Dmitry Peskov said Monday, according to the state-run Tass Russian News Agency. "Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away. We have nothing to do with this."

Regardless of the offender in the SolarWinds hack, experts have warned the scope of the damage could be devastating.

"Given the breadth of customers that use SolarWinds, the extent of the breach and information available could be astronomical," Randy Watkins, Chief Technology Officer at cybersecurity company CRITICALSTART, whose partners include FireEye, told Newsweek.

"With organizations including government agencies, branches of the Armed Forces, and government contractors all using SolarWinds software," he said, "this breach could absolutely compromise national security, and could result in leaked information on everything from policy decisions to military strategy and weapons development."

Watkins argued the goals behind state-sponsored espionage haven't changed in more than half a century. But he said how data is stored and used is a product of our time, one in which the stakes have never been higher for protecting sensitive information.

"Nation states are looking for any information that can give them leverage on the world stage, including military strategy, policy and sanction information," he said, "or even intel that other nations may possess."