U.S. cybersecurity agency issues rare advisory to 'power down' all servers compromised in massive hack
U.S. officials are scrambling to learn the extent of a potentially massive cyberespionage campaign that infiltrated at least the Treasury and Commerce departments, but they believe they know how the suspected Russian government hackers broke in. The cybersecurity firm FireEye, which disclosed last week that it had been hacked, said late Sunday it has determined the monthlong "global campaign" had been perpetrated via malware inserted in the security update of SolarWinds' popular Orion server management software.
SolarWinds, based in Austin, says its 300,000 customers include the White House, all five branches of the U.S. military, the Pentagon, the State Department, the Justice Department, the National Security Agency, NASA, and the 10 top U.S. telecommunications firms and five leading accounting firms. It attributed the compromised software to a "highly sophisticated, targeted, and manual supply chain attack by a nation state." FireEye said the infected security update appears to have been released in the spring.
The Homeland Security Department's Cybersecurity and Infrastructure Security Agency (CISA) issued a rare directive late Sunday for "all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately." The SolarWinds breach "poses unacceptable risks to the security of federal networks," said acting CISA Director Brandon Wales, "and we urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks against any exploitation."
The number of targets was likely limited by the labor-intensive requirements of this particular hack, cybersecurity experts said. But the attack, believed to have been carried out by the APT29 or Cozy Bear arm of Russia's SVR foreign intelligence service, will still likely end up being extensive and damaging.
"This is looking very, very bad," one person familiar with the hack told The Washington Post. "This can turn into one of the most impactful espionage campaigns on record," cybersecurity expert Dmitri Alperovitch told The Associated Press, noting that the Orion software grants remote, "God-mode" access to networks. Another person familiar with the breach told The Wall Street Journal it's a "10" out of 10 in terms of severity and national security implications.
Russia's U.S. Embassy denied that Moscow was behind the attacks, calling the allegations "unfounded attempts of the U.S. media to blame Russia."
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.