According to web documents and a security source, the alleged Russian hackers who broke into United States government offices also spied on less high-profile organizations, including organizations in Britain, a US internet service provider, and a county government in Arizona.
More details were released on Friday about the hacking campaign, which has left computer network security teams around the world struggling to limit the damage, as a top official in US President Donald Trump’s outgoing administration publicly confirmed Russia’s role in the hack for the first time.
“I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Cisco Systems Inc., a networking hardware company, said that malicious software had been discovered on a small number of computers in some of its facilities, without saying whether anything was taken. A source familiar with the company's ongoing investigation said that fewer than 50 were compromised.
A security source said that in Britain a limited number of organizations have been affected, and that they were not in the public sector.
Shares in cybersecurity firms FireEye Inc., Palo Alto Networks, and Crowdstrike Holdings rose on Friday as investors bet that the slew of disclosures from Microsoft Corp. and others would raise demand for security technology.
By running a freely accessible coding script from researchers at the Moscow-based private cryptography company Kaspersky, Reuters identified Cox Communications Inc. and the government of Pima County, Arizona, as victims of the attack. The hack hijacked a ubiquitous program made by SolarWinds Corp. for network control. Kaspersky decrypted online web archives left behind by the attackers.
Breaches of U.S. government agencies, first reported by Reuters on Sunday, reached the U.S. Department of Homeland Security, the U.S. Department of the Treasury, the State Department, and the Energy Department. In some cases the attacks included email surveillance, but cybersecurity analysts said that it was unknown what hackers did before infiltrating networks.
Trump has said nothing publicly about the intrusion. White House spokesman Brian Morgenstern told reporters that the president was being briefed “as needed”. Robert O’Brien, the national security adviser, headed interagency meetings on a regular basis, if not more often, he said. “They’re working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we’re just not going to tell our adversaries what we do to combat these things,” said Morgenstern.
No decisions had been made on how to respond or on who was accountable, a senior US official said.
SolarWinds, which disclosed its unwitting role at the heart of the global hack on Monday, said that an update containing malicious code planted by the attackers was downloaded by up to 18,000 users of its Orion app. SolarWinds said in a regulatory filing that the attack was suspected to be the work of an ‘outside nation-state’.
People familiar with the matter said that it was suspected that the hackers were working for the Russian government. The accusations were denied by Kremlin spokesman Dmitry Peskov.
On Friday, US Representative Stephen Lynch, head of the national security subcommittee of the House of Representatives Committee on Oversight and Reform, said the information presented by the Trump administration was “very disappointing.”
“This hack was so big in scope that even our cybersecurity experts don’t have a real sense yet in terms of the breadth of the intrusion itself.”
The breach threatened to become an immediate headache for President-elect Joe Biden when he assumes office on 20 January 2020. The executive director of his transition team, Yohannes Abraham, told reporters on Friday that “substantial costs” will arise and the new administration “will reserve the right to respond at a time and in a manner of our choosing, often in close coordination with our allies and partners.”
Microsoft, one of the thousands of businesses that received the malicious update, said it had alerted more than 40 clients whose networks were further compromised by the hackers.
Microsoft said that 30 of those customers were in the US, with the other victims identified in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the United Arab Emirates. Many worked with IT corporations, think tanks, and government departments.