A global cyber attack by highly professional hackers has also hit US government computers. According to Reuters, the attackers broke into systems of the Commerce Department and the Treasury Department and were able to read e-mail there. The Commerce Department confirmed the intrusion to CNN. It is still unclear what information the hackers obtained.
The Washington Post, citing unnamed sources, reported that hackers linked to the Russian foreign intelligence service SVR were behind the attacks. APT29, or Cozy Bear, as experts have dubbed the group, is considered one of the elite units hacking on behalf of the Russian state. “We have nothing to do with it,” Kremlin spokesman Dmitry Peskov told the Interfax news agency in Moscow. “Even if the Americans could not do anything about it for many months, one should not blame the Russians for everything for no reason.” According to US intelligence agencies, APT29 had already gained access to e-mail systems of the State Department and the White House during Barack Obama’s presidency.
According to an analysis published on Sunday by the IT security company FireEye, the attacks are part of a global campaign that has been running since March. Government agencies, telecommunications companies and resource companies in North America, Europe, Asia and the Middle East are affected. FireEye itself announced last week that it had been hacked. While searching their own systems for the intruders, its experts found the traces of the global offensive.
The way into the heart of thousands of agencies and companies
The hackers used software from Austin-based SolarWinds as their attack channel. The company sells tools for managing and monitoring internal computer networks; whoever controls that software can do almost anything on those networks. Through a so-called backdoor planted in the software, the attackers found their way into the heart of thousands of government agencies and companies. IT teams around the world now have to find and remove the backdoor, which FireEye has named “Sunburst”.
In the US, the FBI is investigating. The National Security Council met on Saturday to discuss the attack. The cybersecurity agency CISA issued one of its rare emergency directives. It obliges all federal agencies to act immediately: systems running the affected versions of the software must be taken offline at once. The agencies must also examine their systems for signs of what data has flowed in and out. CISA also published the names of the malicious files that agencies should look for on their computers.
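The check the directive asks for, looking across machines for the published file names, is at its simplest a sweep of the file system against an indicator list, matching on name and on file hash. The script below is an added example for illustration, not code from the article, from CISA or from FireEye. The indicator name and hash in it are constructed placeholders (the real ones are not reproduced on this page) and must be swapped for the published values before a real run; the directory to sweep is passed as the first argument, and without an argument the script sweeps a small constructed sample tree.

```python
"""IOC file sweep: report files whose name or SHA-256 hash matches an indicator list.

Added example, not from the article or any vendor. The indicator values below are
constructed placeholders; replace them with the file names and hashes that CISA
actually published (they are not reproduced on this page).
"""
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample bytes standing in for a trojanized component; used only to
# derive a placeholder hash and to build the demo tree further down.
TROJANIZED_SAMPLE = b"constructed placeholder for a trojanized update payload"

# Placeholder indicators (constructed, not the real published IOCs).
SUSPECT_NAMES = {"suspect_component.dll"}                          # compared case-insensitively
SUSPECT_SHA256 = {hashlib.sha256(TROJANIZED_SAMPLE).hexdigest()}   # compared case-insensitively


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def sweep(root, names=SUSPECT_NAMES, hashes=SUSPECT_SHA256):
    """Walk `root` and report every file matching an indicator by name, by hash, or both.

    A hash match only catches the exact builds on the list, so a name match whose
    hash is not listed still deserves a look: a recompiled or patched copy of the
    same component hashes differently. Each finding records which checks fired.
    """
    wanted_names = {n.lower() for n in names}
    wanted_hashes = {h.lower() for h in hashes}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable (permissions, special file): skip rather than abort the sweep
            matched = []
            if name.lower() in wanted_names:
                matched.append("name")
            if digest in wanted_hashes:
                matched.append("hash")
            if matched:
                findings.append({"path": str(path), "name": name, "sha256": digest, "matched": matched})
    findings.sort(key=lambda f: f["path"])
    return findings


def demo():
    """Build a small constructed directory tree and sweep it (offline verification)."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "app"
        app.mkdir()
        (app / "Suspect_Component.dll").write_bytes(b"benign bytes")   # name matches, hash does not
        (app / "helper.dll").write_bytes(TROJANIZED_SAMPLE)            # hash matches, name does not
        (app / "readme.txt").write_bytes(b"nothing to see here")       # clean
        return sweep(app)


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else None
    for hit in (sweep(root) if root else demo()):
        print(f"{hit['path']}  sha256={hit['sha256']}  matched={','.join(hit['matched'])}")
```

A sweep like this only finds what is on the list: a renamed file with a listed hash or a listed name with a different hash is reported with the reason that fired, but a component that differs in both is invisible to it. That is why the directive also requires taking affected systems offline and reviewing what data left them, rather than relying on a file search alone.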
The attackers were evidently not out to destroy anything but to spy, which points to an intelligence service. According to experts, the attackers’ skill also suggests state or state-affiliated hackers. They got in through SolarWinds’ Orion platform, which the affected departments use. Experts call this a “supply chain attack”: rather than infiltrating a well-protected target directly, the hackers compromise less well-secured software or hardware that the actual target uses. In this case, they smuggled manipulated software onto a SolarWinds server from which customers regularly download new versions of the product. That server effectively acted as a super-spreader: 300,000 customers, including the US Federal Reserve, the Air Force, NASA, the Office of the President and the Pentagon, use SolarWinds’ technology, as do the ten largest telecommunications companies in the United States.
Companies all over the world now have to check and secure their systems. Dmitri Alperovitch, co-founder and former CTO of the IT security company CrowdStrike, wrote on Twitter: “Monday is likely to be a bad day for many IT security teams.”