(TNS) — The federal government's top cybersecurity agency on Thursday issued its most urgent warning yet about a sophisticated and extensive computer breach, saying it posed a "grave risk" to cyber networks maintained by governments, utilities and the private sector and could be difficult to purge.
Removing the malware from "compromised environments will be highly complex and challenging for organizations," the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) said in an alert providing the most extensive details yet about the hack.
Over the weekend, reports emerged that hackers had broken into computer networks at multiple federal agencies, including the Treasury and Commerce departments. The list of victims has continued to grow, and includes the Department of Homeland Security and the National Institutes of Health. Federal law enforcement officials have said Russia was behind the attack and are still assessing how much information was pilfered by Moscow.
Russia's U.S. embassy has denied responsibility. U.S. cybersecurity officials have not officially blamed the Kremlin, but in the CISA alert noted that the attack came from "a patient, well-resourced, and focused adversary" that engaged in "operational security and complex tradecraft."
Cyber experts said Russia was among the few countries that could support such an attack.
The security compromises began in at least March, according to CISA, with the infiltrators gaining initial access through a compromise in a piece of software made by SolarWinds — a Texas-based company that sells network-monitoring cybersecurity software — although CISA said evidence indicates hackers had other access points.
When SolarWinds customers running the software installed updates, they unknowingly downloaded malicious code and granted hackers access to their network. Hundreds of thousands of organizations use SolarWinds products, and U.S. agencies have been told to disconnect machines running the compromised program.
"Most of the sensitive folk have shut down SolarWinds, so now they're flying blind; they don't have … their usual detection technology," said Cattanach, a cybersecurity expert and former special counsel to the Secretary of the Navy. "It's a very uncertain time right now."
To further complicate things, SolarWinds was so ubiquitous in the cybersecurity sector that there's not a clear, immediate substitute, Cattanach added.
The House Homeland Security and Oversight committees launched an investigation into the hacks on Thursday, warning that "based on preliminary reporting, it is evident that this latest cyber intrusion could have potentially [devastating] consequences for U.S. national security."
(c)2020 the Los Angeles Times. Distributed by Tribune Content Agency, LLC.