(TNS) — The federal government's top cybersecurity agency on Thursday issued its most urgent warning yet about a sophisticated and extensive computer breach, saying it posed a "grave risk" to cyber networks maintained by governments, utilities and the private sector and could be difficult to purge.
Removing the malware from "compromised environments will be highly complex and challenging for organizations," the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) said in an alert providing the most extensive details yet about the hack.
Over the weekend, reports emerged that hackers had broken into computer networks at multiple federal agencies, including the Treasury and Commerce departments. The list of victims has continued to grow, and includes the Department of Homeland Security and the National Institutes of Health. Federal law enforcement officials have said Russia was behind the attack and are still assessing how much information was pilfered by Moscow.
Russia's U.S. embassy has denied responsibility.
U.S. cybersecurity officials have not officially blamed the Kremlin, but in the CISA alert noted that the attack came from "a patient, well-resourced, and focused adversary" that engaged in "operational security and complex tradecraft."
Cyber experts said Russia was among the few countries that could support such an attack.
The security compromises began in at least March, according to CISA, with the infiltrators gaining initial access through a compromise in a piece of software made by SolarWinds — a Texas-based company that sells network-monitoring cybersecurity software — although CISA said evidence indicates hackers had other access points.
When SolarWinds customers running the software installed updates, they unknowingly downloaded malicious code and granted hackers access to their network. Hundreds of thousands of organizations use SolarWinds products, and U.S. agencies have been told to disconnect machines running the compromised program.
"Most of the sensitive folk have shut down SolarWinds, so now they're flying blind; they don't have … their usual detection technology," said Robert Cattanach, a cybersecurity expert and former special counsel to the Secretary of the Navy. "It's a very uncertain time right now."
To further complicate things, SolarWinds was so ubiquitous in the cybersecurity sector that there's not a clear, immediate substitute, Cattanach added.
The House Homeland Security and Oversight committees launched an investigation into the hacks on Thursday, warning that "based on preliminary reporting, it is evident that this latest cyber intrusion could have potentially [devastating] consequences for U.S. national security."
(c)2020 the Los Angeles Times. Distributed by Tribune Content Agency, LLC.