The headquarters of the Russian military intelligence service GRU in Moscow (Pavel Golovkin/AP)
UPDATE, DEC 18:
US officials have warned of “a grave risk to the Federal Government” after discovering more hacking attacks on Government agencies and corporate networks.
The warning was issued on Thursday after intelligence agencies assessed that hackers used a far wider variety of tools than previously known to penetrate government systems.
The analysis points to hacking beyond known targets such as the Pentagon; Departments of Homeland Security, Treasury, and Commerce; and the National Nuclear Security Administration.
President-elect Joe Biden responded immediately to the assessment: “A good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place. I will not stand idly by in the face of cyber-assaults on our nation.”
Donald Trump has still made no comment on the attacks, a silence noted by Andrew Weissmann, a senior staff member in Special Counsel Robert Mueller’s Trump-Russia investigation.
Trump leaves office saying not a word about the devastating Russian cyber attack on our nation. He began 4 years ago by undermining Obama’s Russia sanctions and then rewarded the man who helped him, Michael Flynn, with a full pardon.
Why is he so afraid to condemn Russia?
— Andrew Weissmann (@AWeissmann_) December 17, 2020
Brad Smith, President of Microsoft, said Thursday:
It’s still early days, but we have already identified 40 victims — more than anyone else has stated so far — and believe that number should rise substantially. There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry.
Intelligence agencies have told Congress that they believe the Russian intelligence service SVR is behind the hacking.
UPDATE, DEC 14: US officials say hackers acting on behalf of a foreign government, almost certainly a Russian intelligence agency, have hacked Government networks including in the Treasury and Commerce Departments.
The officials said the hackers had free access to e-mail systems in one of the most sophisticated attacks on federal systems in the past five years.
Some said national security-related agencies were also targeted, but it is not clear if the systems had highly classified material.
“People familiar with the intrusions” said the perpetrators are part of the Russian Foreign Intelligence Service (SVR), in the long-running operations known as APT29 or Cozy Bear. The same group hacked the State Department and White House e-mail servers during the Obama administration.
A National Security Council meeting was convened on Saturday to discuss the matter. But Donald Trump and his inner circle said nothing about the attack, having benefited from Russian hacking and dissemination of stolen e-mails during the 2016 Presidential campaign.
“The United States Government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the National Security Council.
The Department of Homeland Security’s cybersecurity agency said it has been summoned to investigate.
However, last month Trump fired the head of the agency, Christopher Krebs, over his assessments that there was no widespread fraud in the 2020 election.
“Russian State-Sponsored Actors”
“Several corporate officials” said the attacks began as early as this spring. One of the targets appeared to be the Commerce Department’s National Telecommunications and Information Administration, which helps shape policy for Internet-related issues such as the setting of standards and the blocking of imports and exports of technology considered a national security risk.
“Two people familiar with the matter” said the motive is still unknown.
Last week the National Security Agency warned that “Russian state-sponsored actors” were exploiting flaws in Government systems.
The NSA did not give details. However, leading cybersecurity firm FireEye announced that state-supported hackers had stolen some of its most valued tools for finding vulnerabilities in systems such as the Federal Government’s.
The attacks on FireEye led to a broader search for victims of the hackers. FireEye provided key pieces of computer code to the National Security Agency and to Microsoft, leading to discoveries of the hacks and the emergency warning last week.
Investigators believe hackers inserted code into periodic updates of software used to manage networks. The software, by the company SolarWinds, is widely used in corporate and federal networks.
SolarWinds, based in Austin, Texas, says it has more than 300,000 customers, including:
*Most of the nation’s Fortune 500 firms
*The top 10 U.S. telecommunications companies
*All five branches of the US military
*Executive Office of the President
*National Security Agency
SolarWinds said in a statement that monitoring products which it released in March and June may have been surreptitiously weaponized in a “highly-sophisticated, targeted…attack by a nation state”.
Officials said the hackers also broke into consultancy, technology, telecom, and oil and gas companies in North America, Europe, Asia, and the Middle East.
In 2014 and 2015, Russian intelligence agencies gained access to unclassified e-mail systems at the White House, the State Department, and the Joint Chiefs of Staff. President Barack Obama decided at the time not to name the Russians.
The Russian hackers, believed to be connected with the military intelligence agency GRU, then broke into the systems of the Democratic National Committee and top officials in Democratic nominee Hillary Clinton’s campaign in 2016.
Trump campaign officials and Donald Trump Jr. welcomed the stolen material, with Donald Trump publicly calling on Moscow to disseminate Clinton’s “deleted e-mails”. Long-time Trump staffer and friend Roger Stone, a self-proclaimed “dirty trickster”, liaised with WikiLeaks over dissemination.