A Hacker Group Backed By Russian Government Reportedly Breached US Agencies

Russia Cyber Attack on the US

The Trump administration has acknowledged on Sunday that hackers have broken into several key government networks, which includes the Treasury and Commerce Departments, and had free access to their email systems. These hackers are believed to be acting on the behalf of some foreign government which is certainly clear that the Russian intelligence agency is the one behind this according to federal and private experts.

This attack is considered as the most sophisticated, and maybe one of the largest, attacks on federal systems in the recent five years as the officials said that the hunt is still on to determine how many other parts of government have been affected by it. It is also in rumors that the national security-related agencies are also on the chopping block but it is still not comprehensible that was there any highly classified material.

The government was more suspicious about the Russian intervention in the 2020 election but it turned out that key agencies working for the administration were on the table for the sophisticated attack which was unrelated to the election.

NSC: Searches…

John Ullyot, a spokesman for the National Security Council, said in a statement that the US government is aware of the reports and are taking every step necessary to identify and solve those issues. Even the Department of Homeland Security’s cybersecurity agency has been called in as well, although its leaders were fired by President Trump last month for declaring that there had been no widespread election fraud.

It was acknowledged by the Commerce Department that one of their agencies was attacked too but did not take the name of which agency. But under further investigation, it appeared that the National Telecommunications and Information Administration was the one under attack which can be considered a national security risk as they determine policy for internet-related issues, including setting standards and blocking exports and imports of technology.

It is still unclear to deduce the motive of the attack on the agency and Treasury Department but two people familiar with the matter said that these attacks were going on unnoticed since spring this year in pandemic and election season. So it was too soon to tell how damaging the attacks were and what amount of material was lost.

Russian State-Sponsored Actors

The news of the breach was reported earlier by Reuters came less than a week after National Security Agency issued a warning that “Russian state-sponsored actors” were exploiting the system flaws which were used broadly in the federal government.

NSA refused to give any further information that what had happened that led to this immediate warning. But it was shortly after the warning that FireEye, a leading cybersecurity firm, said that hackers working for a state had stolen some of its prized tools for finding loopholes in its client systems which included the federal government. This investigation also showed arrows pointing towards Russia’s leading intelligence agencies- S.V.R., also known by the name A.P.T. 29 or Cozy Bear.

FireEye is hired by many clients including the Department of Homeland Security and intelligence agencies to undertake inventive but warm hacks of their systems by making use of its knowledge observed all over the world. FireEye’s make use of “red team” tools which essentially imitate a real hacker is used to put security holes in networks. So the ones responsible for the attack stole FireEye’s tool and added this to their weapons list but FireEye was not the only victim.

Hackers- Extra Precautious

Hackers did every bit to get to their motive as they inserted their code into periodic updates of software which was used to manage networks known by the name- SolarWinds. The malware was carefully reduced to avoid detection by any firewall.  SolarWinds has over 300,000 customers which include most of the nation’s Fortune 500 firms but it is still unclear how many were using the Orion platform that the Russian hackers invaded.

Once the connection of the attack with Russia is confirmed then it will be the most sophisticated known theft of government data of America by Moscow after the 2014 and 2015 spree where Russian intelligence agencies accessed email systems at the Joint Chiefs of Staff, White House, State Department. Back then-President Barack Obama decided to not name Russia as the perpetrator which is now regarded as a mistake.

Russians, one among many countries have been trying to hack American research institutions as well as the pharma companies as Symantec Corporation warned that a Russian ransomware group was making use of the sudden change in American work habits because of the pandemic

A wider hunt is in progress to determine where these hackers have intruded as FireEye has provided key pieces of computer codes to the N.S.A. and to Microsoft which went searching for similar attacks on the federal system leading to the warning issued.

Fooling High-End Security

Apart from collecting names and passwords, the hackers were able to insert counterfeit “tokens” after getting into SolarWinds network management software which are essentially electronic indicators that give an assurance to Microsoft, Google, or other providers about the ID of the computer system its email systems are communicating with. So by using this, they were able to trick the system and gain access, undetected.

The attack could have extracted anything- it could be security-clearance files or fingerprints. These cyber issues between the US and Russia have been for two decades which led to the formation of United States Cyber Command, the Pentagon’s quickly expanding cyber warfare force. So hopefully they can investigate this matter fast as Trump may have a Good Bi-Den.