WASHINGTON – Federal officials issued a strong warning Thursday that the hackers who penetrated government systems were also using other malware – and other attack techniques – that pose “a serious risk to the federal government.”
The Department of Homeland Security’s cybersecurity warning gave no details. However, it confirmed suspicions that FireEye, a cybersecurity firm, had voiced earlier this week that other avenues for attacks had almost certainly been found.
FireEye was the first to inform the government that since this spring, hackers from a Russian intelligence agency had gotten into critical network monitoring software used by the government and hundreds of Fortune 500 companies.
The discovery greatly complicates the challenge for federal investigators as they search computer networks used by the Treasury Department, Department of Defense, Department of Commerce, and nuclear laboratories to assess the damage and understand what the hackers stole. It suggests that other software in the “supply chain” used by government agencies and corporations is similarly corrupted, although it appears that investigators do not have a comprehensive list.
However, there is also the possibility that the hackers’ goal will go beyond espionage and that, once inside the systems, the Russian actors could modify data or use their access to take command of computer systems that run industrial processes. So far, however, there has been no evidence of this.
The warning also increased the urgency of government warnings. After downplaying the incident – President Trump said nothing, and Secretary of State Mike Pompeo deflected the hacking as one of the many daily attacks on the federal government, suggesting China is the biggest culprit – the new warning left no doubt that the assessment had changed.
“This adversary has demonstrated its ability to leverage software supply chains and has extensive knowledge of Windows networks,” the warning said. “It is likely that the adversary has additional first access vectors and tactics, techniques and procedures” that “have not yet been discovered”.
“Taken together, these observed techniques indicate an adversary who has knowledge, is not familiar with operational safety and is willing to devote significant resources to maintaining the covert presence,” the warning reads. As a result, according to investigators, it could take months to find out how far American networks have been compromised.
The alert came just days after Microsoft, which produces Windows software and monitors the global network of computers using Windows, partnered with FireEye to take immediate action to stop communications between SolarWinds network management software and the command-and-control center through which the Russians sent instructions to their malware.
That ruled out further intrusions. However, it does not help companies that had already been intruded upon, since the first software was corrupted with malware in March. And the key line in the warning said that the SolarWinds compromise in the supply chain is not the only initial infection vector used to get into federal systems. This suggests that other software, also used by the government, has been infected and used to give foreign spies access.
This is a developing story. Check back for updates.