Both the National Nuclear Security Administration and the US Energy Department reported evidence of hackers accessing their networks during a security breach affecting numerous federal agencies. The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-01 Sunday night, reporting a known compromise for only the fifth time since the Cybersecurity Act of 2015.
Politico reported, “On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by Rocky Campione, the chief information officer at DOE.
“They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation at NNSA, and the Richland Field Office of the DOE.”
Though the official report states the breach did not impact mission-official national security and was isolated only to business networks, many are clearly concerned about the timing and nature of the hacking efforts.
ThreatPost, a cybersecurity news site, reported, “The known attack vector for the incident is SolarWinds’ Orion network management platform, whose users were infected by a stealth backdoor that opened the way for lateral movement to other parts of the network. It was pushed out via trojanized product updates to almost 18,000 organizations around the globe.”
Interestingly, this hack took place shortly after CISA Chief Christopher Krebs was fired after calling the 2020 election “the most secure in the election history.” Krebs sought to debunk Trump’s election fraud allegations, despite mounting evidence of both software manipulation and offline voter fraud.
Many initial reports blame Russian sources, though no evidence regarding the identity of the hackers has been released. Nor has any group yet publicly claimed responsibility for the act. Russia has denied any involvement in the attack.
Reuters News Agency reported the hackers “backed by a foreign government have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.”
An anonymous source told Reuters the breach targeted Microsoft’s Office 365, and staff emails were monitored for months. “The hackers are ‘highly sophisticated’ and have been able to trick the Microsoft platform’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press.”
What is being done in response? John Ullyot, a National Security Council spokesman, stated, “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation.” In other words, the public is being told nothing. Everything is okay. Nothing to see here. Don’t worry.
Unfortunately, there is a lot to see here. If hackers have really been able to monitor email among Nuclear Security Administration staff for months, there just might be a problem with what was passed along. Also, isn’t Microsoft Office 365 a product under the control of founder Bill Gates, who just happens to be a leading voice behind the coronavirus vaccine and in discussion for a Biden cabinet position?
If security is a top priority of the national government, our nation is clearly in trouble. Let’s hope Team Trump can find a way to turn the election battle around and do something before Biden and Harris take over. The nation’s enemies may not need hackers at that point, as they can buy their way to influence the US government.