Eric De Grasse
Chief Technology Officer
16 December 2020 (Paris, France) – The U.S. government is still getting its arms around the scope of the Russia-linked hack that penetrated the Pentagon, Treasury, Commerce, Homeland Security and State departments (at least), and other institutions are bracing for damage.
The big picture: The news, which Reuters broke Sunday, has shaken the government and larger cybersecurity world. The National Security Council reportedly held an emergency meeting over the weekend to discuss the breaches.
Who was (probably) behind it: Cyber operators likely working for the SVR, a Russian intelligence service, compromised the software of IT contractor SolarWinds to gain access to these government networks — and have been potentially roaming in them since March.
The group’s history: The same hacking unit, known as APT29 or Cozy Bear, hacked prominent cybersecurity vendor FireEye. Cozy Bear was also behind a major compromise in 2014 and 2015 of Pentagon, White House and State Department email systems.
• In the FireEye breach, Russian spies stole the tools the U.S. firm’s own hackers used to see if clients’ networks were secure — tools that, in theory, Russia could repurpose for malign hacking. The operators also seemed interested in FireEye’s government clients.
The upper limit of the hack’s potential reach: Some 18,000 SolarWinds customers — not individuals, institutions — may have been breached in the campaign, said SolarWinds.
What we don’t know:
What’s at stake: The Pentagon and State Department are — and will always be — premier targets for foreign intelligence services. But there’s plenty of potential interest to Russian intelligence within other agencies.
Between the lines: There’s no evidence that these particular parts of Treasury, Commerce or DHS were breached. But the point is that sensitive national security work is often done in lesser-known corners of the U.S. government.
What’s next: It’s a strong bet there are other shoes waiting to drop.
Be smart: As stunning as the hack’s apparent success may be, the effort behind it is par for the course in the world of cyber espionage. The general public just rarely gets a glimpse into the machinery of modern spying.