U.S. Government Agencies Infiltrated by Hackers
While the world continues to struggle through the COVID-19 pandemic, recent information about the U.S.’s cybersecurity has drawn the attention of government agencies. According to the Washington Post and Bloomberg, there have been reports of Russian hackers breaching U.S. cyber networks, which has left several government agencies compromised, including the U.S. Treasury and Commerce departments. Telecommunication companies like Microsoft and SolarWinds have also reported that intruders were able to view source code and engineering systems within the companies’ networks. Microsoft’s source code is especially vulnerable, as it is the foundation for the creation of different products and reveals how Microsoft’s computer programming functions. When Russian hackers viewed the source code, they gained crucial intel on how to exploit Microsoft’s main network.
In the case of SolarWinds, a software company, Russian hackers were able to initiate a “supply-chain attack” by breaching SolarWinds’ cyber defences and accessing the program that SolarWinds uses to provide updates to its users. The specific program that was hacked is named Orion, an IT administration platform. Concerningly, Orion is used by thousands of companies around the world, including the top 10 biggest telecommunication networks in the U.S. and 425 companies in the Fortune 500.
These cybersecurity breaches are shocking and wide-sweeping. They encompass a broad range of industries and threaten the safety of American citizens’ personal data. While the U.S. has confirmed that the attacks were carried out by Russian hackers, the Russian government has emphatically denied engaging in such actions. In a statement, the Russian embassy said, "Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations," adding, "Russia does not conduct offensive operations in the cyber domain." Nevertheless, it is quite apparent that the U.S.’s cybersecurity was not as strong as most people thought it to be. The same group of hackers, which goes by the name APT29 or Cozy Bear, has carried out similar attacks in the past. In 2015, the group was able to garner crucial information about the Presidential election by gaining access to the Democratic National Convention’s email systems. In July of 2020, the group targeted vaccine development and breached the U.K.’s systems using phishing. These attacks by APT29 and other Russian agencies are attempts to steal intellectual property that will eventually benefit the Russian government. Until the U.S. discovers a new solution to strengthen its cybersecurity, these issues will continue to persist.
Sources Cited:
APT29 targets COVID-19 vaccine development. (2020, July 20). Retrieved from https://www.securitymagazine.com/articles/92870-apt29-targets-covid-19-vaccine-development
Brandom, R. (2020, December 15). SolarWinds hides list of high-profile customers after devastating hack. Retrieved from https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised
Chappell, B., Myre, G., & Wamsley, L. (2020, December 21). What We Know About Russia's Alleged Hack Of The U.S. Government And Tech Companies. Retrieved from https://www.npr.org/2020/12/15/946776718/u-s-scrambles-to-understand-major-computer-hack-but-says-little
Ellen Nakashima, C. T. (2020, December 14). Russian government hackers are behind a broad espionage campaign that has compromised U.S. agencies, including Treasury and Commerce. Retrieved from https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
Hautala, L. (n.d.). Russia has allegedly hit the US with an unprecedented malware attack: Here's what you need to know. Retrieved from https://www.cnet.com/news/solarwinds-hack-officially-blamed-on-russia-what-you-need-to-know/
Microsoft Says Suspected Russian Hackers Viewed Source Code. (n.d.). Retrieved from https://www.bloomberg.com/news/articles/2020-12-31/microsoft-says-suspected-russian-hackers-viewed-source-code?srnd=code-wars&sref=8QJ2aO77