Microsoft reported that 80% of the targets of the alleged Russian government-backed hackers are located in the US – Politico confirms the US nuclear security agency was attacked.
A couple of days ago, Hackread.com reported on a suspected Russian government-sponsored hacking campaign that is mainly targeting US government institutions. According to Microsoft’s president Brad Smith, the hackers have targeted over 40 organizations so far. Most of their targets (around 80%) are based in the US, while others are located in Canada and the UK.
Their targets include the US National Nuclear Security Administration (NNSA) and the Energy Department (DOE), responsible for safeguarding the nuclear weapons stockpile. The agency’s networks were reportedly hacked by the same group of hackers who attacked other federal agencies.
According to Politico, the nuclear agency officials noticed suspicious activity in the Los Alamos and Sandia national laboratories in New Mexico and Washington, the Richland Field Office of the Department of Energy, the Office of Secure Transportation, and the Federal Energy Regulatory Commission (FERC) networks on Thursday.
An internal investigation by the agency revealed that the FERC network had sustained the most damage. The US Cybersecurity and Infrastructure Security Agency (CISA) is cooperating with the federal agencies to address this massive hacking campaign, and the DOE will support FERC in its investigation.
A DOE spokesperson, Shaylyn Hynes, stated that the department has determined that the attackers didn’t access critical defense systems, and that the malware was “isolated” to business networks only.
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the department, including the National Nuclear Security Administration,” Hynes said.
After identifying the vulnerable software, the agency immediately implemented measures to mitigate the risk. All the software vulnerable to this attack was quickly disconnected from the DOE network.
However, the fact that hackers could target DOE successfully indicates how sophisticated their maneuvers have become. By compromising the SolarWinds software, which hundreds of government and private-sector organizations use, the attackers could target the backbone of the US national security enterprise.
According to Microsoft, this is a wide-ranging hacking campaign in which SolarWinds’ Orion IT software was compromised. It is an attack of remarkable scope, sophistication, and impact, Smith added. He characterized the hack as a moment of reckoning.
“It represents an act of recklessness that created a serious technological vulnerability for the United States and the world. It is not just an attack on specific targets, but on the trust and reliability of the world’s critical infrastructure in order to advance one nation’s intelligence agency,” Smith said.
Microsoft claims that Orion software has been installed by people worldwide, so the target list could be far more extensive than it appears. Smith states that, apart from the US, the campaign has targeted firms in Canada, Mexico, the UK, Belgium, the UAE, Israel, and Spain.
“It’s certain that the number and location of victims will keep growing,” Smith warned.