Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Official: Number of Victims of Russian Hack Likely to Grow

The number of federal agencies and private companies who learn that they have been affected by a massive Russian hack is expected to grow as the investigation into it continues, the U.S. government’s chief counterintelligence official said Tuesday.

The number of federal agencies and private companies who learn that they have been affected by a massive Russian hack is expected to grow as the investigation into it continues, the U.S. government’s chief counterintelligence official said Tuesday.

The FBI and other agencies last week attributed the intrusions to Russia as part of what officials described as an intelligence-gathering operation rather than an effort to damage or disrupt U.S. government operations. U.S. officials said at the time that fewer than 10 federal agencies were believed to have been compromised “by follow-on activity on their systems.”

William Evanina, the director of the U.S. National Counterintelligence and Security Center, said in a live-stream Washington Post interview that he expected to see a “growth” in the number of victims.

Continuous Updates: Everything You Need to Know About the SolarWinds Attack

So far, the list of agencies known to have been affected includes the Treasury, Commerce and Justice departments, among others.

“I think this will expand accordingly as we identify” additional victims, Evanina said. “I think the hard part for the investigators is we don’t know what we don’t know, but I think this will continue to grow.”

The hacking campaign was extraordinary in scale, with the intruders having stalked through government agencies, defense contractors and telecommunications companies for months by the time it was discovered. Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, though the scope of the breaches and exactly what information was sought is unknown.

An estimated 18,000 organizations were affected by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.

On Monday, SolarWinds said its investigation found evidence the campaign began in September 2019, with the hackers injecting test code that month. The hackers’ patience was impressive. The malicious code that allowed backdoors to be surreptitiously opened on SolarWinds customers had been hidden in an upgrade by the end of February that was delivered to clients beginning the next month.

It would not be discovered for another nine months.

Related: New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds

Related: Investigation Launched Into Role of JetBrains Product in SolarWinds Hack

 

Related: SolarWinds Taps Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos

Written By

Click to comment

Expert Insights

Related Content

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Incident Response

Cygnvs emerges from stealth mode with an incident response platform and $55 million in Series A funding.

Incident Response

A new Mississippi Cyber Unit will be the state’s centralized cybersecurity threat information, mitigation and incident reporting and response center.

Funding/M&A

Thoma Bravo will spend $1.3 billion to acquire Canadian software firm Magnet Forensics, expanding a push into the lucrative cybersecurity business.

Data Breaches

T-Mobile disclosed another massive data breach affecting approximately 37 million customer accounts.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Albanian prosecutors on Wednesday asked for the house arrest of five public employees they blame for not protecting the country from a cyberattack by...

Application Security

Password management firm LastPass says the hackers behind an August data breach stole a massive stash of customer data, including password vault data that...