U.S. Government cyber attack: largest breach in the nation's history

Edward Kost
December 22, 2020

The recent cyber attack against the U.S. Government is the largest breach in the nation's security industry. Investigations will continue deep into 2021. It will take at least that long to reverse engineer a cyber attack so sophisticated that even cybersecurity experts are shaking their heads in awe and disbelief.

What happened?

In March 2020, malicious code was injected into the U.S. government's internal systems through an IT update from its network-monitoring vendor, SolarWinds.

The attackers used a supply chain attack, in which malicious code is introduced into a system through a compromised third party.

The cyber attackers accessed the Microsoft Office 365 account of the National Telecommunications and Information Administration (NTIA), uncovering a swathe of internal communications between several federal agencies.

What do we know?

So far, it has been discovered that six U.S. Government departments have been breached, including:

  • The Department of Energy
  • The National Nuclear Security Administration
  • The U.S. Department of State
  • The U.S. Department of Commerce
  • The U.S. Department of the Treasury
  • The Department of Homeland Security

Microsoft President Brad Smith said that 80% of the affected victims are located in the United States, with the remaining 20% spread across Spain, Israel, the United Kingdom, Belgium, and the United Arab Emirates.

Thomas Rid, a Political Science Professor specializing in Cybersecurity issues, described this attack as “highly sophisticated” and “stealthy.”

The benefit of such delicate, clandestine attacks is that they don't follow the classical cyber attack model of aggressive exfiltration. The sinister downside, however, is that such attacks tend to target specific information only.

What is speculated?

Mounting evidence suggests that Russia was responsible for the attack, though the nation explicitly denies any involvement.

Andrei Soldatov told the Guardian that the hack was most likely a joint effort between Russia’s foreign intelligence outfit SVR (the successor to the KGB), and FSB, the domestic spy agency Putin led before he became Prime Minister and President.

FSB hackers, known as Cozy Bear or APT29 (Advanced Persistent Threat 29), were responsible for the Democratic National Committee breach in 2015.

Jeremy Bash, former Chief of Staff to the CIA and Department of Defense, confirmed this cyber attack contained APT29 signatures.

The cyber attackers were very selective about the intelligence they went after. Investigations are slowly uncovering and mapping the digital tracks of the threat actors to discover the specific sectors they were targeting.

Recent findings uncovered highly suspicious activity in the internal networks of the Federal Energy Regulatory Commission (FERC).

The FERC stores sensitive power grid displacement data for the United States. While the motivation behind this particular breach isn't conclusive, this could have been a reconnaissance mission to plan a future disruption to the nation's electricity network.

Given the unfamiliar complexity of this cyber attack, at this point experts can only speculate about the full extent of compromised data. Microsoft described this attack as "remarkable for its scope", a chilling foreboding of eventual investigation findings.

How secure is SolarWinds?

SolarWinds provides IT monitoring and management tools built for SysAdmins and network engineers.