“We are working closely with our agency partners because of recently discovered activities in government networks,” a spokesman for the Cybersecurity and Infrastructure Security Agency (CISA) told the AFP news agency. CISA is providing technical support to the affected units that are working to identify and mitigate potential hazards. According to media reports, unknown hackers attacked the Treasury and Commerce Department, as well as other United States agencies such as the NTIA telecommunications agency.
Earlier, National Security Council spokesman John Ullyot said: “The US government is aware of these reports and we are taking all necessary steps to identify and correct possible problems related to this situation.” The Commerce Department confirmed to CNN that hackers had broken through security measures in one of its offices.
Is Russia behind it?
The Washington Post reports that hackers with connections to the Russian intelligence service SVR are responsible for the attacks on the Treasury and Commerce Department as well as other US authorities. It is unclear what information was stolen. The cyberattacks had been going on for months. The FBI has started investigations. According to the reports, the hackers, controlled by a foreign government, had access to the internal email traffic of the Treasury and the NTIA for months.
The Russian government rejected the allegations on Facebook. In a post, the Foreign Ministry said the allegations were another unsubstantiated attempt by the US media to blame Russia for cyberattacks against US facilities.
Fresh attack on FireEye
It was only on Tuesday that the IT security company FireEye, which US authorities often call on in the event of cyberattacks, was itself the victim of a hacker attack. The company said the perpetrators were targeting information on government customers and diagnostic applications from the company. During the cyberattack, attack software was also stolen, which the company usually uses to test its customers’ defense systems. It is still unclear whether these tools will be used for hacker attacks.
FireEye assumed that hackers acting on behalf of a state were behind the attack. This was indicated, among other things, by the technical skills and discipline of the attackers, it said. In the past, the company had discovered, among other things, a number of attacks by North Korean hackers on banks and exposed targeted disinformation campaigns from Russia and Iran.
Treacherous packaging
According to a report by the Reuters news agency, experts assume that the cyber spies secretly manipulated updates from the IT company SolarWinds. The company works for customers in the government, the military and the intelligence services. The trick is called a “supply chain attack” and describes a process in which malicious code is hidden in legitimate software updates that are delivered by third parties to the hackers’ targets.
kle / ww (afp, rtre, dpa, ape)