The recent cyber attack against the US Government is the largest breach in the nation’s security industry. Investigations will continue deep into 2021. It will take at least that long to reverse engineer a cyber attack so sophisticated that even cybersecurity experts are shaking their heads in awe and disbelief.
In March 2020, malicious code was injected into the U.S. government’s internal systems through an IT update from its network-monitoring vendor, SolarWinds.
The attackers used a supply chain method of attack, in which malicious code is introduced into a system through a compromised third party.
The cyber attackers accessed the Microsoft Office 365 account of the National Telecommunications and Information Administration (NTIA), uncovering a swath of internal communications between several federal agencies.
What do we know?
So far, it has been discovered that six U.S. government departments have been breached, including:
- The Department of Energy
- The National Nuclear Security Administration
- The U.S. Department of State
- The U.S. Department of Commerce
- The U.S. Department of the Treasury
- The Department of Homeland Security
Microsoft President Brad Smith said that 80% of the affected victims are located in the United States, with the remaining 20% spread across Spain, Israel, the United Kingdom, Belgium, and the United Arab Emirates.
Thomas Rid, a Political Science Professor specializing in cybersecurity issues, described this attack as “highly sophisticated” and “stealthy.”
The benefit of such delicate, clandestine attacks is that they don’t follow the classical cyber attack model of aggressive exfiltration, so they generate far less noise for defenders to detect. The sinister downside, however, is that such attacks tend to target specific information only.
What is speculated?
Mounting evidence suggests that Russia was responsible for the attack, though the nation explicitly denies any involvement.
Andrei Soldatov told the Guardian that the hack was most likely a joint effort between the SVR, Russia’s foreign intelligence service (the successor to the KGB), and the FSB, the domestic spy agency Putin led before he became Prime Minister and President.
FSB hackers, known as Cozy Bear or APT29 (Advanced Persistent Threat 29), were responsible for the Democratic National Committee breach in 2015.
Jeremy Bash, former chief of staff at the CIA and the Department of Defence, confirmed that this cyberattack contained APT29 signatures.
The cyber attackers were very selective about the intelligence they targeted. Investigations are slowly uncovering and mapping the digital tracks of the threat actors to discover the specific sectors they were targeting.
Recent findings uncovered highly suspicious activity in the internal networks of the Federal Energy Regulatory Commission (FERC).
The FERC stores sensitive power grid displacement data across the United States. While the motivation behind this particular breach isn’t conclusive, this could have been a reconnaissance mission to plan a future disruption of the nation’s electricity network.
Given the unfamiliar complexity of this cyberattack, at this point experts can only speculate about the full extent of compromised data. Microsoft described this attack as “remarkable for its scope,” a chilling foreshadowing of the eventual investigation findings.