U.S. Cyber Agency: SolarWinds Attack Hitting Local Governments
By Jaclyn Diaz
December 24, 2020
Updated at 3:30 a.m. ET
A U.S. cybersecurity agency said Wednesday that the far-reaching attack on the IT management company SolarWinds, discovered earlier this month, has infected more systems than previously thought.
The U.S. Cybersecurity and Infrastructure Security Agency, also known as CISA, said Wednesday that the hack not only affected key federal agencies, but also computer systems used by state and local governments, critical infrastructure entities and other private sector organizations.
There is also evidence that other networking software may have been compromised, CISA said. The cybersecurity agency said it is investigating signs of abuse of Security Assertion Markup Language (SAML) tokens as well. A SAML token is a digitally signed statement from an organization's identity provider that a particular user has already logged in; other services accept that statement in place of a password, which is what allows one sign-in to open access to many applications.
Top Treasury Email Accounts Exposed In SolarWinds Hack: Report
The hackers performed a complex step inside Microsoft Office 365 to create an encrypted “token” that tricked the Treasury’s system into thinking the hackers were legitimate users, The New York Times said.
By Michael Novinson
December 21, 2020, 10:12 PM EST
The SolarWinds hackers seized upon a Microsoft flaw to infiltrate the email system used by the U.S. Treasury Department’s senior leadership, The New York Times reported.
Dozens of Treasury email accounts were compromised, including those in the departmental offices division, where the most senior officials operate, Sen. Ron Wyden, D-Ore., told the Times on Monday. Hackers gained access to the Treasury’s email system in July by manipulating internal software keys, and the breach came to light from Microsoft, which runs much of Treasury’s communications software.
NSA, CISA Warn of Attacks on Federated Authentication
While incident responders focus on attacks using SolarWinds Orion, government cyber defenders highlight other methods likely being used as well.
An attacker-modified update to the SolarWinds Orion network management product that compromised thousands of companies and government agencies is likely not the only way Russian attackers infiltrated networks, according to the US Cybersecurity and Infrastructure Security Agency (CISA) in an update over the weekend.
In an updated alert about the recent cyber-espionage attacks against government agencies and private-sector companies, CISA noted on Dec. 18 that the attackers appear to have used other vectors of attacks outside of the SolarWinds Orion platform. On Dec. 21, the agency pointed to an advisory published the previous week by the National Security Agency, which warned that attackers were stealing private keys for single sign-on (SSO) infrastructure to bypass two-factor authenti
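The NSA advisory and the Treasury reporting above describe the same mechanism: an attacker who steals the signing key of a single sign-on identity provider can mint tokens for any user, with any authentication claim, and the receiving service cannot tell them from genuine ones. The following added example is not from any of the articles, CISA, NSA or Microsoft; it is a constructed model of that trust relationship. It uses HMAC-SHA256 with a shared secret as a stand-in for the RSA XML signature on a real SAML assertion so that it runs with the Python standard library alone, and every key, issuer URL, user name and timestamp is hypothetical. It shows why signature verification alone does not catch the forgery, and two detection checks a defender can run on tokens seen at the service side: a validity window longer than the identity provider is configured to issue, and an MFA claim for a login the identity provider's own audit log never recorded.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

# Constructed stand-ins. In a real federation IDP_SIGNING_KEY would be the
# private key of the IdP's token-signing certificate (for example on an AD FS
# server); HMAC replaces the RSA XML signature only so this runs offline.
IDP_SIGNING_KEY = b"idp-token-signing-key-keep-offline"
EXPECTED_ISSUER = "https://sts.example.gov/adfs/services/trust"  # hypothetical
MAX_LIFETIME = timedelta(hours=1)  # lifetime the IdP is configured to issue


def _canonical(claims: dict) -> bytes:
    """Deterministic serialization so signer and verifier hash the same bytes."""
    return json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()


def sign_assertion(key: bytes, claims: dict) -> dict:
    """Produce a signed assertion. Anyone holding `key` can call this."""
    sig = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    return {"claims": claims, "signature": sig}


def idp_issue(key: bytes, subject: str, mfa_done: bool, now: datetime) -> dict:
    """Legitimate IdP path: the claims reflect what actually happened at login."""
    claims = {
        "issuer": EXPECTED_ISSUER,
        "subject": subject,
        "issued_at": now.isoformat(),
        "expires_at": (now + MAX_LIFETIME).isoformat(),
        "authn_context": "mfa" if mfa_done else "password",
    }
    return sign_assertion(key, claims)


def attacker_mint(stolen_key: bytes, subject: str, now: datetime) -> dict:
    """Forgery with a stolen signing key: the attacker chooses every claim,
    including an MFA context for a user who never authenticated, and a
    lifetime far longer than the IdP would grant."""
    claims = {
        "issuer": EXPECTED_ISSUER,
        "subject": subject,
        "issued_at": now.isoformat(),
        "expires_at": (now + timedelta(hours=24)).isoformat(),
        "authn_context": "mfa",
    }
    return sign_assertion(stolen_key, claims)


def sp_verify(key: bytes, assertion: dict, now: datetime) -> bool:
    """What a typical service provider checks: signature, issuer, validity
    window. Nothing here reveals who held the key when it was used."""
    claims = assertion["claims"]
    expected = hmac.new(key, _canonical(claims), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, assertion["signature"]):
        return False
    if claims["issuer"] != EXPECTED_ISSUER:
        return False
    issued = datetime.fromisoformat(claims["issued_at"])
    expires = datetime.fromisoformat(claims["expires_at"])
    return issued <= now < expires


def flag_suspicious(assertion: dict, idp_login_log: set) -> list:
    """Detection heuristics over tokens observed at the service side.
    idp_login_log is the set of (subject, issued_at) pairs the IdP actually
    logged; a token with no matching entry was not issued by the IdP path."""
    claims = assertion["claims"]
    reasons = []
    issued = datetime.fromisoformat(claims["issued_at"])
    expires = datetime.fromisoformat(claims["expires_at"])
    if expires - issued > MAX_LIFETIME:
        reasons.append("lifetime exceeds IdP policy")
    if (claims["subject"], claims["issued_at"]) not in idp_login_log:
        reasons.append("no matching IdP login event")
    return reasons


def demo() -> dict:
    """Constructed scenario: one real login, one forged token, same key."""
    now = datetime(2020, 12, 14, 12, 0, tzinfo=timezone.utc)
    login_log = set()  # stand-in for the IdP's own audit log
    legit = idp_issue(IDP_SIGNING_KEY, "analyst@example.gov", True, now)
    login_log.add(("analyst@example.gov", now.isoformat()))
    # The attacker has exfiltrated the signing key; no IdP login occurs.
    forged = attacker_mint(IDP_SIGNING_KEY, "secretary@example.gov", now)
    return {
        "legit_accepted": sp_verify(IDP_SIGNING_KEY, legit, now),
        "forged_accepted": sp_verify(IDP_SIGNING_KEY, forged, now),
        "legit_flags": flag_suspicious(legit, login_log),
        "forged_flags": flag_suspicious(forged, login_log),
    }


if __name__ == "__main__":
    print(demo())
```

Both tokens pass `sp_verify`, which is the point the NSA advisory makes: once the signing key is gone, second-factor enforcement at the identity provider is irrelevant because the forged token simply claims that MFA happened. The forged token is only caught by correlating what the service received with what the identity provider logged, and by rejecting lifetimes the provider never issues. The corresponding remediation is to treat the signing key as compromised and rotate it, which invalidates every outstanding token signed with it, legitimate or not.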
In his first remarks about the massive hacking operation that leveraged a tainted SolarWinds Orion software update, President Donald Trump on Saturday downplayed the seriousness of the incident and contradicted Secretary of State Mike Pompeo, who pointed a finger at Russia in a Friday radio interview.
In a pair of tweets on Saturday, Trump appeared to question whether Russia was involved in the hacking operation and opened up the possibility that China may have played a role. “The Cyber Hack is far greater in the Fake News Media than in actuality,” Trump tweeted on Saturday. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
Secretary of State Mike Pompeo, commenting on the breach, said in a Friday evening radio interview that “the Russians engaged in this activity.”
“I can’t say much more as we’re still unpacking precisely what it is, and I’m sure some of it will remain classified,” Pompeo said, according to a transcript provided by the State Department. “But suffice it to say there was a significant effort to use a piece of third-party software to essentially embed code inside of U.S. government systems, and it now appears systems of private companies and companies and governments across the world as well. This was a very significant effort, and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”