Russian hackers have breached networks belonging to the US government and private organizations worldwide in an operation that used the global software supply chain to infect targets.
The Trump administration acknowledged on Sunday that hackers acting on behalf of a particular Russian intelligence agency, according to federal and private experts, broke into a range of key government networks, including the Treasury and Commerce Departments, and obtained unrestricted access to their email systems.
Hackers who targeted the federal government appear to be part of a Russian intelligence campaign aimed at multiple U.S. agencies and companies, including the cybersecurity company FireEye, officials said on Sunday. The timing of this well-planned, complex attack, coming at the end of the US presidential election, could hardly be a coincidence.
The highly sophisticated attack targeted updates to widely used software from Austin, Texas-based SolarWinds Corp., which sells technology products to a Who’s Who list of sensitive and strategic targets. These include the State Department, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, all five branches of the U.S. military, and 425 corporations (consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East), according to FireEye’s website and government data. The full extent of the damage to federal and private network systems is still unknown, but the list of attacked networks is overwhelming and already poses a serious danger to the national security of the US.
The Russian hackers, known by the nicknames APT29 or Cozy Bear, are part of that nation’s foreign intelligence service, the SVR, and in some cases they breached email systems, said the people familiar with the intrusions, who spoke on the condition of anonymity because of their positions and the sensitivity of the matter.
Russia’s SVR, the equivalent of the CIA in the U.S., was blamed for major hacks in 2014-15 that involved unclassified email systems at the White House, the State Department and the Joint Chiefs of Staff. The APT29 group has been active for several years and is known in the hacker community as the Dukes or Cozy Bear. Cozy Bear became widely known in 2015, when researchers at Kaspersky Lab attributed devastating hacks of the unclassified State Department and White House networks to the group.
It has also been accused of carrying out attacks on Norway’s foreign and defense ministries and its security service in 2017. The same group has been linked to attacks on the US Democratic Party in the run-up to the 2016 elections, which led to the lengthy and unprecedented investigation known as “RussiaGate”.
The Embassy of Russia in the US recently issued a statement denying any alleged participation of Russian citizens in the hacker attack: “…We declare responsibly: malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations. Russia does not conduct offensive operations in the cyber domain.”
Early indications, however, suggest the attackers were seeking information on American hacking capabilities and defenses, in which Russian intelligence is highly interested.
The level of planning and execution of the attack, the exceptional skill of the perpetrators, and the rising confrontation between the US and the Russian Federation are compelling reasons to investigate the involvement of Russian intelligence and its affiliates in the recent hacker attack on US federal and private network systems.
Given the clear repetition of the 2016 hacker attacks and the extreme danger such foreign intrusions pose to domestic networks at every level, it is quite obvious that the US faces another phase of the Cold War, one that demands a swift and appropriate response.