DemDaily: Hacked!
December 17, 2020
In the most significant security breach of US government networks in more than five years, foreign hackers linked to Russian intelligence have penetrated the networks of at least a dozen federal agencies and at least ten major corporations.
Some of Agencies Targeted (MSNBC)
According to FireEye, the vulnerability was found in IT management software developed by a company called SolarWinds, a network management product that is used widely across the US government and hundreds of Fortune 500 companies.
The attackers embedding malicious code into software updates that SolarWinds offers to its tens of thousands of clients, with at least 18,000 organizations receiving the infected code.
| The "highly sophisticated, manual supply chain attack" of the U.S. government provided the perpetrators months of access to the internal emails of multiple agencies, including the Treasury, Homeland Security, Commerce and Energy departments, and the National Institutes of Health. |
House and Senate lawmakers were privately briefed this week by federal agencies, the FBI, National Security Agency, the Office of the Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency, which is Homeland Security's cybersecurity arm.
On Wednesday, Senate Intelligence Committee Vice Chair Mark Warner (D-Va), said that the government is "still assessing the extent of the penetration," but lamented that "the current president of the United States has not said a word about this."
Nearly a week after the hack was revealed, the White House has yet to issue any response to the Russian attack, and has kept a tight reign on full disclosure by top officials.
According to Politico, during a National Security Council meeting this week, national security leaders were instructed not to reach out to Capitol Hill for briefings on the massive hack without explicit approval from the White House or ODNI.
Trump's relationship with Russia has been a thorny centerpiece of his presidency, and the subject of investigation since before he took office.
In March of 2019, Special Counsel Robert Mueller's 22-month investigation concluded unequivocally that Russia "launched a concerted attack on our political system (and) used sophisticated cyber techniques" to interfere and influence the 2016 presidential elections.
| "Over the course of my career, I've seen a number of challenges to our democracy. The Russian government's effort to interfere in our election is among the most serious." -- Special Counsel Robert Mueller, July, 2019 |
In December of 2019, President Donald Trump was impeached by the United States House of Representatives for abuse of power and obstruction of Congress -- charges that grew out of the Mueller investigation.
(Saul Loeb/AFP)
It is still unclear what the ultimate end game of the cyber-espionage operation was for the Russian hackers, or what kind of damage may already have been done, but the depth of the breach at this level could takes years to fully determine.
This morning the Cybersecurity and Infrastructure Security Agency issued a warning that the breach extended beyond the SolarWinds software, and that the hackers also used other malware and different attack techniques, that posed "a grave risk to the federal government."
DemList will keep you informed.
DemList
Connecting you to The Party
Connecting you to Each Other
Kimberly Scott
Publisher
Please Support DemList!
Sources: Politico, New York Times, Foreign Policy, CNN
