The Limited Times


Why this Texas company was the target of the Russian cyber attack

2020-12-15T23:34:35.086Z


The target of the recent attack was a cybersecurity company in Texas called SolarWinds, which distributes software to government agencies and businesses around the world. The full extent of the damage is still unclear.


The Department of Homeland Security, the Department of State, the National Institutes of Health and parts of the Department of Defense are also on the list of government agencies that were victims of a cyberattack attributed to Russian hackers, various media reported Monday.

The target of this offensive was a cybersecurity company in Texas called SolarWinds that distributes software to the largest companies in the world. The full extent of the damage is still unclear.

But the threat was significant enough that the cybersecurity unit of the Department of Homeland Security (DHS) ordered all federal agencies to remove the software of SolarWinds, the company that was the target of the attack. 


Thousands of companies using that software are expected to do the same.

The fact that parts of the Defense Department were involved was reported by The New York Times. 

The attack was clear evidence of the vulnerability of government networks, despite the fact that they have already suffered attacks in the past.

The list of those affected is expected to grow and include more federal agencies and numerous private companies, according to officials and sources quoted by The Washington Post, who spoke on condition of anonymity.

"It's a reminder that attack is easier than defense and we still have a lot of work to do," Suzanne Spaulding, senior adviser at the Center for Strategic and International Studies and a former government cybersecurity official, told The Associated Press.

FireEye offices in Milpitas, Calif., Wednesday, February 11, 2015. AP Photo / Ben Margot

The attack began in March, when malicious code was introduced into updates to the tool that monitors the computer networks of companies and governments.

It wasn't discovered until cybersecurity company FireEye revealed that it had been hacked.

Whoever broke into FireEye was looking for data on their government customers, according to the company.

SolarWinds makes network management software, is located in Texas and has more than 300,000 customers around the world, including federal agencies and companies on the Fortune 500 list of America's largest public companies, according to NBC News, Telemundo's sister network. 


The company reported Monday that "fewer than 18,000" of its customers may have been affected.

Russia has denied any role in the intrusions.

The breach is serious enough to trigger an emergency directive from the US Cybersecurity and Infrastructure Security Agency, which instructs all government agencies to stop using the latest version of SolarWinds software.


The attack was carried out by hackers of the Russian government who go by the nickname APT29 or Cozy Bear and are part of that nation's foreign intelligence service, according to two sources cited by The Washington Post.

SolarWinds said it was informed that a "state outside the nation" had infiltrated its systems with malware.

Neither the United States government nor the affected companies have publicly said which nation-state they believe is responsible.

A US official, who spoke on condition of anonymity because the investigation is ongoing, told The Associated Press on Monday that Russian hackers are suspected.

Russia said on Monday it "had nothing to do" with the intrusion.

"Once again, I reject these accusations," Kremlin spokesman Dmitry Peskov told reporters.

"If for many months the Americans could not do anything about it, they should not unfoundedly blame the Russians for everything," he argued.


SolarWinds "is a company that has remote access to hundreds of thousands of organizations around the world, including some of the largest companies and the most critical government agencies," Dmitri Alperovitch, co-founder of cybersecurity firm CrowdStrike and president of Silverado Policy Accelerator, told NBC News.

"And simply engaging them, you immediately open the door to all of these goals." 

Its compromised tool, called Orion, accounts for nearly half of SolarWinds' annual revenue, which for the first nine months of this year increased $753.9 million.

The break-in gave the attackers access to all of those networks.


Shares of the firm fell 17% on Monday, according to a financial report that alerted about 33,000 customers using Orion that they could have been affected.

"SolarWinds was clearly a door that they could go through. We are closing this door. But they are still in these organizations. There are many security teams that will probably continue to work on this problem during Christmas," he clarified.

Was my workplace affected?



Neither SolarWinds nor cybersecurity authorities have publicly identified which organizations were breached.

The fact that a company or agency uses SolarWinds as a provider does not necessarily mean that it has been breached.

The malware [malicious software] was introduced in Orion updates released between March and June, but not all customers installed them.

The hackers targeted the organization in a premeditated manner.

A hack at that level is expensive, and the intruders chose only targets with highly sought-after information, because the risk of being detected increased whenever they activated the malware, said Charles Carmakal, a FireEye executive.


The method used to distribute malware through SolarWinds software was reminiscent of the technique Russian military hackers used in 2016 to infect companies doing business in Ukraine with the hard drive-erasing NotPetya virus that became the most damaging cyber attack to date.

In that case, the hackers inserted a computer 'worm', a virus that replicates itself to spread to other computers with updates from SolarWinds.

The attack required "meticulous planning and manual interaction," according to FireEye.



DHS's Cybersecurity and Infrastructure Security Agency (CISA) issued an unusual statement on Monday asking anyone with information about the event to contact them via email at central@cisa.gov.



With information from AP, The Washington Post, NBC News, Reuters and The New York Times.

Source: telemundo
