Apparently not content with having penetrated the networks of such insignificant federal agencies as the U.S. Department of State, the Department of Homeland Security, and that agency that maintains our nuclear arsenal, hackers in the “SolarWinds” affair also went after NASA and the Federal Aviation Administration, according to a new report from The Washington Post.
The report comes shortly after a briefing last week when White House National Security Advisor Anne Neuberger explained that approximately 100 different companies and a total of nine federal agencies had been successfully “compromised” by foreign hackers. The foreign intrusion campaign (probably “Russian in origin,” as officials have put it) is believed to be the largest in US history.
The Neuberger update was the first official account provided by the Biden administration on the extent to which government networks had been breached. At the time of her comments, all but two of those nine agencies had already been publicly identified (including the State Department, DHS, and the Departments of Energy, Justice, Commerce, the Treasury, and the National Institutes of Health). Now, the Washington Post appears to have identified the laggards. According to the newspaper report:
Last week, Neuberger said the government discovered that the computer systems of nine federal agencies were compromised. She did not name them, but The Post has confirmed the identities with US officials. They include NASA and the Federal Aviation Administration, which have not previously been publicly identified.
It is unknown what kind of access the hackers may have had to any of the agencies. Nevertheless, officials have said that, in cases where the government was breached, all stolen data was unclassified and operating systems were never accessed. NASA reportedly told the newspaper that it is continuing to work with the US cyber agency CISA on “mitigation efforts to protect NASA’s data and network.” We have reached out to NASA and the FAA for comment and will update if they respond.
The disclosures add little to the overall “SolarWinds” narrative, but underscore the scope of intelligence-gathering operations conducted against US targets by foreign operators. They also invite speculation about the potential harm that a more dire cyber campaign could cause. In fact, it’s not exactly comforting to imagine hackers targeting the federal agency charged with making sure planes don’t crash.
Details about the breaches have continued to emerge steadily, as federal investigations into the intrusions mount. Since the US has tentatively blamed Russia for the attacks (some reports have shown that China may also be involved), the Biden administration is reportedly preparing sanctions in retaliation.
On Tuesday, the US Senate Select Committee on Intelligence held one of several recent hearings on the matter, with representatives from many of the IT companies targeted by the campaign (including SolarWinds, Microsoft, FireEye and CrowdStrike). The hearing yielded little new information, but committee chair Sen. Mark Warner perhaps best summed up the general concerns about “SolarWinds” as follows:
One of the reasons the SolarWinds hack has been especially concerning is that it was not detected by the multi-billion dollar US government cybersecurity company, or anyone else, until the private cybersecurity company FireEye publicly announced that it had detected a breach of its own network by a “nation-state” intruder. A big question looming in my mind is: if FireEye hadn’t detected this engagement in December… would we still be in the dark today?
It’s a good point. How was this US national security status lost? Why were hackers allowed to gain as much ground as they did? We will probably have to wait for answers to that. Officials have said that a full investigation will probably take months.