They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE.
The hackers have been able to do more damage at FERC than the other agencies, and officials there have evidence of highly malicious activity, the officials said, but did not elaborate.
It is unlikely the hackers were able to reach the really sensitive information. The Pentagon says that the malware employed affected only business systems.
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the department, including the National Nuclear Security Administration,” Hynes said in a statement. “When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
The Office of Secure Transportation at the NNSA moves nuclear weapons around the country. They travel in nondescript trucks with non-uniformed personnel. While the routes and other specific information are probably well protected, you have to wonder what is in the “business network” that so interested the hackers.
The media is eager to find some way to blame Trump, but it’s a non-starter. The best cybersecurity in the world failed to catch a single piece of malware connected to SolarWinds software, and the result was a disaster. It’s hard to see how Joe Biden or any other Democrat could have stopped it.
SolarWinds is the maker of a nearly ubiquitous network management tool called Orion. A surprisingly large percentage of the world’s enterprise networks run it. Hackers backed by a nation-state (two US senators who received private briefings say it was Russia) managed to take over SolarWinds’ software build system and push a security update infused with a backdoor. SolarWinds said about 18,000 users downloaded the malicious update.
Microsoft President Brad Smith said the penetrations were very specific, and of those 18,000 users only a tiny fraction ended up being hacked.
Of the 18,000 organizations that downloaded a backdoored version of software from SolarWinds, the tiniest of slivers (possibly as small as 0.2 percent) received a follow-on hack that used the backdoor to install a second-stage payload. The largest populations receiving stage two were, in order, tech companies, government agencies, and think tanks/NGOs. The vast majority (80 percent) of these 40 chosen ones were located in the US.
The CEO of FireEye, the application that first detected the hack, said, “We are witnessing an attack by a nation with top-tier offensive capabilities.” The U.S. government is convinced that Russia is responsible, but it’s early in the investigation and that could change. China also has that capability and perhaps a more compelling motive. Whoever initiated the hack got a goldmine of information that they can use or sell.
And the U.S. is poorer for it.