This June 6, 2013 file photo, shows the sign outside the National Security Agency (NSA) campus in Fort Meade, Md.All fingers are pointing to Russia as author of the worst-ever hack of U.S. government agencies. But President Donald Trump, long wary of blaming Moscow for cyberattacks has so far been silent.
This June 6, 2013, file photo, shows the sign outside the National Security Agency campus in Fort Meade, Md.All fingers are pointing to Russia as author of the worst-ever hack of U.S. government agencies. But President Donald Trump, long wary of blaming Moscow for cyberattacks has so far been silent. Patrick Semansky, Associated Press
Herb Scribner
By Herb Scribner

The Department of Homeland Security’s cyber division said Thursday that Russian hackers are suspected of a massive campaign into government agencies, private U.S. businesses and infrastructure agencies in the U.S., according to CNN.

  • The department said the hackers used a number of tactics instead of just one software program, according to CNN.

The Cybersecurity and Infrastructure Security Agency said “victims appeared to have been breached despite never using” the SolarWinds Orion Software, a vulnerable software that had been previously identified by the agency.

  • The CISA said this “poses a grave risk” to groups, networks and people across the public and private sector of the United States.

“CISA has determined that this threat poses a grave risk to the federal government and state, local, tribal and territorial governments as well as critical infrastructure entities and other private sector organizations,” the CISA alert said. “CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

The scope of the attack

Microsoft President Brad Smith told The New York Times that there were at least 40 companies and government agencies hurt by the attack.

  • Those agencies included:
  • Departments of Defense.
  • The state department.
  • Department of Homeland Security.
  • The treasury.
  • National Nuclear Security Administration.
  • National Institutes of Health.

The breach reportedly began back in March. The U.S. government did not announce knowledge of the cyberattack until Sunday, Axios reports.

View Comments

One Trump administration official told Axios that the cyberattack on the U.S. government and businesses may not be completely done, and more secrets could be uncovered.

  • “We still don’t know the bottom of the well,” the official told Axios.
Related
Cyber swindlers take University of Utah for nearly $500K in ransomware attack
Utah cybersecurity team thwarts Iran digital intrusion attempts

Reaction:

President-elect Joe Biden said in a statement: “We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place. Our adversaries should know that, as president, I will not stand idly by in the face of cyberassaults on our nation.”

Sen. Mitt Romney, R-Utah, told SiriusXM chief Washington correspondent Olivier Knox: “What I find most astonishing is that a cyberhack of this nature is really the modern equivalent of almost Russian bombers reportedly flying undetected over the entire country. So our national security is extraordinarily vulnerable. And in this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary.”

Sen. Chris Coons, D-Del., told MSNBC: “It’s pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war. ... (T)his is as destructive and broad scale an engagement with our military systems, our intelligence systems as has happened in my lifetime.”

Join the Conversation
Looking for comments?
Find comments in their new home! Click the buttons at the top or within the article to view them — or use the button below for quick access.