Updated December 18th, 2020 at 18:30 IST

Cyberattack on US federal agencies: How did it come to light? When was security compromised?

In one of the latest blows to US President Trump’s administration in its closing days, as many as 12 federal agencies have been crippled by a massive cyberattack.

Reported by: Aanchal Nigam

In one of the latest blows to US President Donald Trump’s administration in its closing days, as many as 12 federal agencies have been crippled by a massive cyberattack, reportedly described as the biggest breach in several years. Triggering speculation of Russian hackers’ involvement, US officials have reportedly said that the hacks have been ongoing for several months, allowing those who breached the websites to monitor and read the US’s confidential emails.

Among the impacted agencies whose security was compromised are the US Treasury Department, the US Department of Commerce, the Department of Defense, the State Department and the National Institutes of Health. Recently, the FBI called the cyberattacks “a developing situation”. In a joint statement, the FBI, CISA and ODNI said on December 16 that they are putting together a unified response to the breaches while working to understand their effect on the networks within the agencies.

How did the cyberattack come to notice? When did it start?

The attack reportedly came to the notice of intelligence officers after being discovered by a cybersecurity company called FireEye. As per reports, it started back in March, when the nation, along with the entire world, was rocked by rising infections of COVID-19. The hackers managed to insert malware into software updates that were reportedly being sent to the US government as well as its partners in the private sector through an IT company named SolarWinds.

SolarWinds, whose clients include US federal agencies and other associated companies, has said that it believes fewer than 18,000 systems have been compromised. Recently, in the wake of the cyberattacks, the Cybersecurity and Infrastructure Security Agency (CISA) on December 12 reportedly ordered the federal agencies to stop using SolarWinds Orion IT products.

It had also said that cyberattackers had used a recent update to get access to internal communications. CISA Acting Director Brandon Wales had reportedly urged all agency partners in both private and public sectors to “assess their exposure to this compromise and to secure their networks.”

Who is behind the attacks?

Meanwhile, even SolarWinds had admitted this weekend that hackers had exploited a backdoor in the update of its software that was released between March and June this year. The US media outlet had linked the hack that occurred over the weekend to a group working for the Russian foreign intelligence service. However, the FBI has reportedly launched an investigation into the group, which is known as APT29 or ‘Cozy Bear’ among private-sector cybersecurity firms.

These hackers are reportedly believed to have targeted the US State Department, Joint Chiefs of Staff and the White House networks during the administration of former US President Barack Obama. The same Russian group is also reportedly thought to have carried out the break-in during the 2016 US presidential election.

Calling the recent significant cyberattacks on US federal agencies “a developing situation”, the FBI, CISA and ODNI jointly said on December 16 that they are putting together a unified response to the breaches while working to understand their effect on the networks within the agencies.

Published December 18th, 2020 at 18:32 IST