Trump slams Pompeo for blaming Russia for huge cyber attack as he breaks his silence to say CHINA could be responsible and that voting machines may have been hit - but claims it is 'well under control'

Donald Trump has hit out at Secretary of State Mike Pompeo for blaming Russia for the huge cyber attack on the US.

Tagging Pompeo, the president tweeted Saturday that China was behind the unprecedented hack on US government agencies and private sector firms, after the Secretary of State said on Friday that the Kremlin was to blame.

'There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo,' he wrote on Saturday, also tagging Director of National Intelligence John Ratcliffe, in a public display that he disagreed with his two top officials.

While the nation's cybersecurity agency has described the breach as a 'grave threat', Trump downplayed the hack which has compromised broad swathes of the federal government and private sector and has been described as the cyber equivalent of the attack on Pearl Harbor.

He brushed off its severity claiming it 'is far greater in the Fake News Media than in actuality' and insisted that 'everything is well under control'. 

Trump also once again pushed unfounded claims of widespread fraud in the presidential election, saying without evidence that voting machines could have been hacked.   

Donald Trump has broken his silence over the huge suspected Russian cyber attack claiming that China could be behind the attack, despite Secretary of State Mike Pompeo publicly blaming Russia the day before

Trump tweeted claiming that China could be behind the attack, despite Secretary of State Mike Pompeo publicly blaming Russia the day before

'The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,' he tweeted.

'Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).' 

Trump's fresh attack on China comes as tensions between the two nations have escalated this year, with the president accusing President Xi Jinping of a 'cover-up' of the pandemic and insisting on calling coronavirus 'the China virus'.

Meanwhile, Trump has something of a close relationship with Russian President Vladimir Putin and has often refrained from criticizing his actions where other nations have.

Trump refused to accept findings of the Mueller report that Russia interfered in the 2016 presidential election, while his response to the recent poison attack on Putin's opponent Alexey Navalny was that China is 'far worse.'

There have been no reports of any involvement of Beijing in the cyber attack and Trump provided no information or evidence as to why he thought China may be involved.  

He continued in a follow-up post claiming without evidence that voting machines may have been hacked and that he 'won big' in the election. 

Twitter marked this tweet with a warning stating that 'Election officials have certified Joe Biden as the winner of the U.S. Presidential election.'

His comments come just hours after Pompeo became the first US official to publicly attribute the massive hacking campaign to Russia.

'There was a significant effort to use a piece of third-party software to essentially embed code inside of US government systems,' Pompeo told The Mark Levin Show on Friday.

'This was a very significant effort, and I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity.'

Even before Pompeo's comments, Russia was thought to be behind the attack. 

Donald Trump and China's President Xi Jinping. Trump hit out at China claiming the nation could be behind the attack

Pompeo (pictured with his wife Susan) became the first US official to publicly attribute the massive hacking campaign to Russia Friday

Several private security companies said the breach bears the hallmarks of a Kremlin operation. 

Some have pointed at the Russian hacking cell dubbed 'Cozy Bear' - though other experts argue that the tools and methods used in the new attack are different from any past breach, making attribution tricky. 

On Saturday Republican Senator Marco Rubio also pointed the finger at Russia tweeting that: 'The methods used to carry out the cyberhack are consistent with Russian cyber operations.' 

Russian President Vladimir Putin's spokesman denied Kremlin involvement, and the Russian embassy said in a statement that the country 'does not conduct offensive operations in the cyber domain.'  

Meanwhile, Ratcliffe on Wednesday issued a statement revealing that the breach on government agencies was 'significant.' 

'This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,' he said. 

Trump has remained quiet on the cyber attack until now. He posted a Christmas card with Melania Trump Friday but again provided no comment on the hack.

Sources told CNN Saturday that the White House had prepared a statement blaming Russia for the attack and planned to release it Friday afternoon but were ordered not to. 

The insiders said the statement said Russia was responsible but that the government could not yet rule out involvement from others.

They said they were not told why the statement was not released.  

His silence did not go unnoticed with Democrats in Congress blasting Trump for failing to address the issue and demanding a harsh response on the perpetrators.  

'Our nation is under assault. This cyberattack could be the largest in our history. We don't yet know the extent of the damage, but we know that we weren't prepared & have our work cut out for us,' tweeted Rep. Jason Crow, a Colorado Democrat Friday.

'We can't wait for leadership, we need it now. @realdonaldtrump, where are you?'

Crow also likened the attack to Pearl Harbour in a follow-up tweet: 'The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor.'   

This heat map of infections created by Microsoft shows that those infiltrated by the hackers are spread out across the US

'Cozy Bear': The Russian hacker cell suspected in attack 

Russia denies involvement in the SUNBURST attack, but US officials say the nation is behind the 'Advanced Persistent Threat' that carried out the audacious breach.

Sources say that one top suspect is APT29, the Kremlin-linked group also known as Cozy Bear. 

Cozy Bear is best known as the group said to be responsible for the 2016 breach of the Democratic National Committee's servers.

Experts believe that Cozy Bear operates as part of one of Russia's intelligence agencies. 

Some doubt the attribution of SUNBURST to Cozy Bear, though, noting that the tools used in the attack have never been seen before.

In contrast to Trump, President-elect Joe Biden issued a statement Thursday about the attack where he vowed to make cybersecurity 'imperative' when he takes office and said he would not 'stand idly by'.

'I want to be clear: My administration will make cybersecurity a top priority at every level of government - and we will make dealing with this breach a top priority from the moment we take office,' Biden said in a statement. 

'We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyberattacks.' 

While Trump attempted to brush off the severity of the hack, his comments stand in direct opposition to the concerns raised by top administration officials, politicians, tech giants and cybersecurity experts.

The Cybersecurity and Infrastructure Security Agency said the attack posed a 'grave risk' to 'critical infrastructure' in both the public and private sector, and at all levels of government.

'CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,' the agency said Thursday. 

A spokesman for Russian President Vladimir Putin denied Russia was behind the attack

'CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.'    

The agency also warned the sophisticated attack was hard to detect and will be difficult to undo. 

Senator Chris Coons, a Delaware Democrat, described the hack as an act of war telling MSNBC: 'It's pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war.'   

The sprawling attack compromised multiple government agencies, as well as a growing list of companies and local governments across the country. 

The two US agencies responsible for maintaining America's nuclear weapons stockpile have already said they were compromised in the attack. 

The attack also breached the Pentagon, FBI, Treasury and State Departments. 

Other victims to fall foul of the attack include the Pima County, Arizona government and cable television company Cox Communications Inc, according to Reuters.

'The situation is developing, but the more I learn this could be our modern day, cyber equivalent of Pearl Harbor,' said Rep. Jason Crow, a Colorado Democrat

Senator Chris Coons, a Delaware Democrat, said: 'It's pretty hard to distinguish this from an act of aggression that rises to the level of an attack that qualifies as war'

Microsoft said Friday it had already identified at least 40 government agencies and companies targeted by the hackers.  

A heat map of infections released by the tech giant, which has helped respond to the breach, shows that those infiltrated by the hackers are spread out across the US with agencies, companies and think tanks in New York, Washington DC and Texas among the hardest hit.   

Microsoft has not revealed the names of those infiltrated by the hackers but said nearly half were tech companies.  

The UK, Israel, Canada and the United Arab Emirates were also caught in the cross hairs. 

The breach was executed back in March and went undetected for nearly nine months fuelling concerns over the full extent of intelligence and top-secret information that may have fallen into the wrong hands.   

US officials on Friday revealed hackers had conducted a 'dry run' of their massive cyber attack more than a year ago.   

The hack involved a common software product made by Texas-based SolarWinds Corp, which is used by hundreds of thousands of organizations, ranging from government agencies to Microsoft and Fortune 500 companies. 

Trump posted this Christmas card photo on Friday with First Lady Melania as he continued to stay silent on the cyber attack

The hackers are believed to have targeted the company's network management software Orion back in October 2019, five months before executing the full-scale breach in March. 

A version of Orion was tampered with around that time; however, according to CISA, it did not yet contain the secret network backdoor, which authorities are calling SUNBURST.

A source told Yahoo News it appears that the hackers wanted to do a test run to make sure the attack would 'work and whether it would be detected.' 

'They took their time. They decided to not go out with an actual backdoor right away. That signifies that they're a little bit more disciplined and deliberate,' the person added.    

SolarWinds, which disclosed its unwitting role at the center of the global hack on Monday, said up to 18,000 of its users downloaded a compromised update containing malicious code planted by the attackers. 

The company, which has come under scrutiny after investors offloaded shares in the days leading up to the attack, said the attack was the work of an 'outside nation state.' 

The true scale of who has been affected and what information has been stolen in the massive attack may never be known, officials and experts say. 

Experts say there simply are not enough skilled threat-hunting teams to properly identify all the government and private-sector systems that may have been hacked, and warn infected networks may have to be 'burned to the ground' and rebuilt from scratch. 

--------------------------------------------------------------------------------------------------------------------- 

Marco Rubio has demanded that the United States retaliate with more than sanctions for a massive cyber attack on the Pentagon, FBI and nuclear programs, which he said was likely carried out by Russia. 

On Friday Mike Pompeo, the Secretary of State, became the first U.S. official to publicly attribute a massive hacking campaign to Russia, after broad swathes of the federal government and private sector were revealed to be compromised. 

Later on Friday night Rubio, the acting chairman of the Senate Intelligence Committee, urged a strong response. 

'The methods used to carry out the cyberhack are consistent with Russian cyber operations,' he tweeted.  

'But it's crucial we have complete certainty about who is behind this. We can't afford to be wrong on attribution, because America must retaliate, and not just with sanctions.'  

The huge security breach, which is believed to have begun in the spring and gone undetected for months, is thought to have been so sophisticated that only a state-sponsored actor could pull it off.

The Russians are automatically the prime suspect for attacks of this scale and audacity and Pompeo said Friday the Kremlin was behind the attack. 

Marco Rubio on Friday night called for 'retaliation' beyond sanctions for the cyber attack

The Cybersecurity and Infrastructure Security Agency said the attack compromised federal agencies' 'critical infrastructure' in a manner that was hard to detect and will be difficult to undo.

It means that calculating the true size of the attack will be difficult. 

The sprawling attack, which went undetected for nearly nine months, compromised the Departments of Homeland Security, Justice, Treasury, State and Energy, as well as a growing list of companies and local governments across the country. 

Officials with the nation's cybersecurity agency warn that the breach could be difficult to undo, saying the hackers 'demonstrated sophistication and complex tradecraft' and that it was likely that they had built additional secret backdoors while active inside the compromised networks.  

Before Saturday Trump had remained silent over the attack. He was being briefed 'as needed,' White House spokesman Brian Morgenstern told reporters on Friday. 

National security adviser Robert O'Brien was leading interagency meetings daily, if not more often, he said.

Secretary of State Mike Pompeo has become the first U.S. official to publicly attribute a massive hacking campaign to Russia. He is seen above with Putin in 2019

'They're working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we're just not going to tell our adversaries what we do to combat these things,' Morgenstern said.

The Democratic chairs of four House committees given classified briefings on the hack by the Trump administration issued a statement complaining that they 'were left with more questions than answers.'

'Administration officials were unwilling to share the full scope of the breach and identities of the victims,' they said.

Morgenstern said earlier that disclosing such details only helps U.S. adversaries.

The long-term planning of the attack became clear on Friday, as officials said that the hackers appeared to have conducted a dry run over a year ago, testing their ability to insert malicious code into network management software from SolarWinds Corp, which was later delivered to some 18,000 of the company's customers.  

Private security companies say that the breach bears the hallmarks of a Kremlin operation. 

Some have pointed at the Russian hacking cell dubbed 'Cozy Bear' -- though other experts argue that the tools and methods used in the new attack are different from any past breach, making attribution tricky.

SolarWinds timeline: Company stocks and when they discovered attack 

March: Updated versions of SolarWinds' premier product, Orion, are infiltrated by an 'outside nation state'

SolarWinds customers who installed updates to their Orion software were unknowingly welcoming hidden malicious code that could give intruders the same view of their corporate network that in-house IT crews have

November 18 and 19: Outgoing CEO Kevin Thompson sells $15m in shares

December 7: Leading investors Silver Lake and Thoma Bravo sell $280m shares from SolarWinds

December 7: CEO Kevin Thompson resigns. His transition had already been announced but no set date given 

December 8: FireEye announces hackers broke into its servers

December 9: New CEO Sudhakar Ramakrishna announced to take over from Thompson in 2021 

December 11: FireEye claims it became aware that SolarWinds updates had been corrupted and contacted the company  

December 13: The infiltration of Orion becomes public

The US issues an emergency warning, ordering government users to disconnect SolarWinds software which it said had been compromised by 'malicious actors'

The Pentagon, the State Department and the National Institutes of Health, as well as the Treasury, Commerce and Homeland Security departments reveal they were targeted

'At the moment, there are no technical links with previous attacks, so it may be an entirely new actor,' security firm Kaspersky said in a blog post.

FireEye, the cybersecurity company that discovered the intrusion into U.S. agencies and was among the victims, has already tallied dozens of casualties. It's racing to identify more.

'We have a serious problem. We don't know what networks they are in, how deep they are, what access they have, what tools they left,' said Bruce Schneier, a prominent security expert and Harvard fellow.

The only way to be sure a network is clean is 'to burn it down to the ground and rebuild it,' Schneier said.

He compared the situation to learning that a serial killer has been inside your house, with his own key. 'You don't know if he's gone. How do you get work done? You kind of just hope for the best,' he said.

Many federal workers - and others in the private sector - now must presume that unclassified networks are teeming with spies. 

Agencies will be more inclined to conduct sensitive government business on Signal, WhatsApp and other encrypted smartphone apps.

'We should buckle up. This will be a long ride,' said Dmitri Alperovitch, co-founder and former chief technical officer of the leading cybersecurity firm CrowdStrike. 'Cleanup is just phase one.'

Meanwhile, Microsoft President Brad Smith called the attack a 'moment of reckoning' that 'illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous.' 

Microsoft, one of the thousands of companies to receive the malicious update, said it had notified more than 40 customers around the world whose networks were infiltrated by the hackers. 

The list of victims includes not only government agencies, but security and other technology firms as well as think tanks and government contractors. 

'The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,' Smith wrote in a blog post.

'The coming months will present a critical test, not only for the United States but for other leading democracies and technology companies,' he added.   

How hackers managed to install a secret backdoor in software used by hundreds of thousands of government departments and companies

The hack began as early as March this year when hackers snuck malicious code into recent versions of SolarWinds' premier software product, Orion.

The popular software tool helps organizations monitor the performance of their computer networks and servers.

Hackers managed to install a secret network backdoor - which authorities are calling SUNBURST - into Orion's software updates.

Its centralized monitoring looks for problems in an organization's computer networks, which means that breaking in gave the attackers a 'God-view' of those networks. 

It is not yet clear how hackers managed to infiltrate SolarWinds and go undetected for nine months.  

During this time-frame, as many as 18,000 SolarWinds customers - including federal agencies and major companies - downloaded the compromised updates that contained the backdoor.

The software update became an instrument for hackers to steal information undetected for nine months. 

Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down, the Cybersecurity and Infrastructure Security Agency has since revealed.  

The initial contact domain would often direct the malware to a new internet protocol address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target's home country to make detection of the traffic more difficult. 

CISA said that once inside a network, the hackers focused on gathering information and frequently targeted the emails of IT and security staff to monitor any countermeasures. 

The hackers are feared to have had access to government emails as far back as June.  

SolarWinds: The Texas company at the center of the biggest attack in American history

Before this week, few people were aware of SolarWinds, the Austin-based software company providing vital computer network monitoring services to major corporations and government agencies worldwide. 

But the revelation that elite cyber spies have spent months secretly exploiting SolarWinds' software to peer into computer networks has put many of its highest-profile customers in national governments and Fortune 500 companies on high alert. 

It's also raising questions about whether company insiders knew of its security vulnerabilities as its biggest investors sold off stock. 

The hack began as early as March this year when hackers snuck malicious code into recent versions of SolarWinds' premier software product, Orion. The Austin-based software company provides vital computer network monitoring services to major corporations and government agencies worldwide

A SolarWinds SEC filing from December 7 - just days prior to the hack emerging - revealed that the company's board had appointed a replacement CEO.

SolarWinds' longtime CEO, Kevin Thompson, had months earlier indicated that he would be leaving at the end of the year as the company explored spinning off one of its divisions. 

The SolarWinds board appointed his replacement, current PulseSecure CEO Sudhakar Ramakrishna, on December 7, according to the financial filing. 

It was also on December 7 that the company's two biggest investors, Silver Lake and Thoma Bravo, which control a majority stake in the publicly traded company, sold more than $280 million in stock to a Canadian public pension fund. 

The two private equity firms in a joint statement said they 'were not aware of this potential cyberattack' at the time they sold the stock.   

Global alarm bells ring: How the hack was first discovered by a California cyber-security firm FireEye

The breach of SolarWinds' software was first discovered by one of its customers: The prominent cybersecurity firm FireEye.

The California-based cybersecurity firm, which is also a government contractor, noticed a suspicious log-in on its network around December 8.

FireEye says the attackers stole some of its 'red team' software, which mimics cyber-attacks to test the security of its clients' computers. 

Two lawmakers, who were briefed on the hack this week, told Politico that FireEye representatives said that one of their employees had apparently been duped into revealing their two-factor authentication security details.

Company officials have denied the account given by congressional staffers and said none of its employees were tricked.

FireEye said they caught the breach when hackers tried to register a new device on its systems, which tipped the company off to the wider cyber-attack. 

Following an investigation, FireEye say they determined that SolarWinds' Orion software had been hacked.    

'We initially detected the incident because we saw a suspicious authentication to our VPN solution,' a spokesperson has since said.  

'The attacker was able to enroll a device into our multi-factor authentication solution, and that generates an alert which we then followed up on.'  
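The detection FireEye describes here (a suspicious VPN authentication followed by the enrolment of a new MFA device for the same account) can be approximated as a log-correlation rule. The following is an added example, not FireEye's tooling or logs; the log format, user names, addresses, baseline and 30-minute window are all constructed for illustration.

```python
"""Correlate VPN logins with MFA device enrolments and flag the ones that a
user's normal access pattern does not explain (constructed example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events, not real logs. Each line is:
#   <ISO-8601 timestamp> <event_type> user=<name> src=<ip> [device=<id>]
SAMPLE_LOG = """\
2020-12-08T09:02:11Z vpn_auth   user=alice src=10.20.0.15
2020-12-08T09:03:40Z mfa_enroll user=alice src=10.20.0.15 device=phone-alice-2
2020-12-08T21:14:05Z vpn_auth   user=bob   src=203.0.113.77
2020-12-08T21:16:30Z mfa_enroll user=bob   src=203.0.113.77 device=token-9f
2020-12-08T22:40:00Z vpn_auth   user=carol src=198.51.100.9
2020-12-09T03:00:00Z mfa_enroll user=carol src=198.51.100.9 device=phone-x
"""

# Constructed per-user baseline: source addresses seen in normal use.
KNOWN_SOURCES = {
    "alice": {"10.20.0.15"},
    "bob": {"10.20.0.31"},
    "carol": {"10.20.0.44"},
}

# How soon after a VPN login an enrolment is treated as linked to it (assumption).
ENROLL_WINDOW = timedelta(minutes=30)


def parse_events(log_text):
    """Turn the constructed log text into dicts sorted by timestamp."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts_text, event_type, *fields = line.split()
        event = {
            "ts": datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ"),
            "type": event_type,
        }
        for field in fields:
            key, _, value = field.partition("=")
            event[key] = value
        events.append(event)
    return sorted(events, key=lambda e: e["ts"])


def detect_suspicious_enrollments(events, known_sources, window):
    """Return one alert per MFA enrolment from a source the user has not used before.

    Severity is 'high' when a VPN login from an unrecognised source for the same
    user precedes the enrolment within `window`, mirroring the sequence FireEye
    reported; otherwise 'medium', since the enrolment alone is still unusual.
    """
    vpn_logins = defaultdict(list)
    for e in events:
        if e["type"] == "vpn_auth":
            vpn_logins[e["user"]].append(e)

    alerts = []
    for e in events:
        if e["type"] != "mfa_enroll":
            continue
        user = e["user"]
        baseline = known_sources.get(user, set())
        if e["src"] in baseline:
            continue  # enrolment from an address already associated with this user
        linked_login = any(
            timedelta(0) <= e["ts"] - v["ts"] <= window and v["src"] not in baseline
            for v in vpn_logins[user]
        )
        alerts.append({
            "ts": e["ts"].isoformat(),
            "user": user,
            "device": e.get("device", "?"),
            "src": e["src"],
            "severity": "high" if linked_login else "medium",
            "reason": "MFA device enrolled from unrecognised source"
                      + (" shortly after a VPN login from an unrecognised source"
                         if linked_login else ""),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_suspicious_enrollments(
            parse_events(SAMPLE_LOG), KNOWN_SOURCES, ENROLL_WINDOW):
        print(f"[{alert['severity']}] {alert['ts']} {alert['user']} "
              f"device={alert['device']} src={alert['src']}: {alert['reason']}")
```

In the sample, alice's re-enrolment from her usual address is ignored, bob's enrolment two minutes after a VPN login from an unknown address is rated high, and carol's enrolment hours after an unknown login is rated medium.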

They insist that the SolarWinds breach was the source of the attack against FireEye. 

Once it determined that there was a wider cyber-attack, a FireEye executive alerted SolarWinds on December 12 of the compromise. 

After learning of the SolarWinds breach, the National Security Council held an emergency meeting at the White House on December 12.  

The Cybersecurity and Infrastructure Security Agency and the FBI were brought in to investigate after some government agencies were confirmed to have been hacked. 

At this time, people with knowledge of the meeting reported that hackers believed to be working for Russia had been monitoring internal email traffic at the US Treasury and Commerce departments.

Sources told Reuters that they feared the hacks uncovered so far may be the tip of the iceberg.

SolarWinds began alerting about 33,000 of its customers on December 13 that an 'outside nation state' - widely suspected to be Russia - had injected malicious code into some updated versions of its premier product, Orion.

The company said in a statement that updates to its monitoring software released between March and June of this year may have been subverted by what it described as a 'highly-sophisticated, targeted and manual supply chain attack by a nation state'. 

The Cybersecurity and Infrastructure Security Agency issued an emergency directive ordering federal agencies to 'disconnect or power down' the SolarWinds Orion software due to the breach. 

From US nuclear agencies and the FBI to Fortune 500: Who is known to have been targeted by hackers so far 

The list of victims continues to grow from the cyberattack that is being described as the biggest hack in American history.

The two US agencies responsible for maintaining America's nuclear weapons stockpile - Energy Department and the National Nuclear Security Administration - have already said they were compromised in the attack.  

The attack also breached the Pentagon, FBI, Treasury and State Departments.  

The DOE and the NNSA have warned Congress that their breached networks may include the Los Alamos National Laboratory, which conducts the government's most sensitive and advanced nuclear research, Politico reported.

The US has an estimated 5,800 nuclear warheads. Some are on missiles and bombs ready for launch from submarines, airplanes and land-based missiles, but most are in storage, retired, or being decommissioned.

The FBI was targeted and has moved routine communication onto classified networks that are believed not to have been breached

The FBI has moved routine communication onto classified networks that are believed not to have been breached, according to two people briefed on the measures.

Hacked: The Los Alamos National Laboratory in New Mexico conducts the government's most sensitive and advanced nuclear research

Deterrent: Land-based Minuteman missiles are one of the three prongs of the nuclear triad. Experts now fear the agencies that maintain US nuclear stockpiles have been breached

Their status is one of the government's most closely-guarded secrets, as are efforts to create new weapons, which are part of the Los Alamos National Laboratory's work.

Another attack was found in a field office of the Energy Department in Richland, Washington state, which Politico reported could have been an effort to gather information on how to disrupt the national electricity grid.

The sprawling attack also compromised broad swathes of the private sector, including Microsoft and likely most of the Fortune 500. 

The true scale of who has been affected and what information has been stolen may never be known, officials and experts say.  

How hackers used legitimate software updates as camouflage for the 'SUNBURST' attack 

WHAT HAPPENED?

The hack began as early as March when malicious code was snuck into updates to popular software that monitors computer networks of businesses and governments. The malware, affecting a product made by U.S. company SolarWinds, gave elite hackers remote access into an organization's networks so they could steal information. 

It wasn't discovered until the prominent cybersecurity company FireEye determined it had been hacked. Whoever broke into FireEye was seeking data on its government clients, the company said - and made off with hacking tools it uses to probe its customers' defenses.

Its apparent monthslong timeline gave the hackers ample time to extract information from a lot of different targets.

FireEye executive Charles Carmakal said the company was aware of 'dozens of incredibly high-value targets' compromised by the hackers and was helping 'a number of organizations respond to their intrusions.'

He would not name any, and said he expected many more to learn in coming days that they, too, were infiltrated. 

WHAT IS SOLARWINDS? 

SolarWinds, of Austin, Texas, provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East.

Its compromised product, called Orion, accounts for nearly half of SolarWinds' annual revenue. The company's revenue totaled $753.9 million over the first nine months of this year.

Its centralized monitoring looks for problems in an organization's computer networks, which means that breaking in gave the attackers a 'God-view' of those networks. 

HOW DID IT HAPPEN?

The US Cybersecurity and Infrastructure Security Agency on Thursday released an alert detailing what it knows about the breach, which has been called the biggest in US history.

CISA says that hackers were able to compromise the supply chain of network management software from SolarWinds, specifically recent versions of the SolarWinds Orion products. 

Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.

The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.
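The point a defender should take from the signed-update detail is that a valid publisher signature proves which key signed the build, not that the build is clean: if the build pipeline is compromised, the tampered artifact is signed just like a clean one. The following is an added example, not SolarWinds' or the article's code, showing an update-acceptance check that combines the signature with an out-of-band reference hash. The signing scheme is a toy HMAC stand-in for real code signing, and the key, artifact bytes and product name are constructed assumptions.

```python
import hashlib
import hmac

# Constructed toy values. A real vendor would use asymmetric code signing;
# HMAC stands in here so the block runs offline with the standard library.
VENDOR_SIGNING_KEY = b"toy-vendor-signing-key-not-real"
RELEASE_NAME = "monitoring-agent-release-X"          # hypothetical product name
CLEAN_BUILD = b"monitoring-agent binary: clean build"
TAMPERED_BUILD = b"monitoring-agent binary: clean build + implanted backdoor"


def vendor_sign(artifact: bytes) -> str:
    """Toy signing step: whatever passes through the build pipeline gets signed."""
    return hmac.new(VENDOR_SIGNING_KEY, artifact, hashlib.sha256).hexdigest()


def signature_valid(artifact: bytes, signature: str) -> bool:
    """What a signature check alone tells you: the vendor key signed these bytes."""
    return hmac.compare_digest(vendor_sign(artifact), signature)


# Reference hashes published through a separate channel (for example from an
# independent reproducible build), so a compromised pipeline cannot rewrite them.
REFERENCE_HASHES = {RELEASE_NAME: hashlib.sha256(CLEAN_BUILD).hexdigest()}


def evaluate_update(name: str, artifact: bytes, signature: str) -> dict:
    """Accept an update only if the signature AND the independent hash agree."""
    sig_ok = signature_valid(artifact, signature)
    digest = hashlib.sha256(artifact).hexdigest()
    hash_ok = REFERENCE_HASHES.get(name) == digest
    return {
        "signature_ok": sig_ok,
        "hash_matches_reference": hash_ok,
        "accept": sig_ok and hash_ok,
    }


if __name__ == "__main__":
    # Both builds carry a genuine vendor signature; only the hash check separates them.
    for label, build in (("clean", CLEAN_BUILD), ("tampered", TAMPERED_BUILD)):
        verdict = evaluate_update(RELEASE_NAME, build, vendor_sign(build))
        print(label, verdict)
```

Run as a script, the clean build is accepted while the tampered build passes the signature check and is still rejected on the reference hash, which is the gap a signature-only policy leaves open.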

Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.

The initial contact domain would often direct the malware to a new internet protocol address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target's home country to make detection of the traffic more difficult.
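The traffic pattern described in the last two paragraphs, a host checking in with one domain on a steady schedule while that domain keeps resolving to fresh addresses, is something a defender can look for in proxy or DNS logs. The block below is an added example, not the article's or CISA's code, of that heuristic run over constructed log lines; the host names, the reserved `.invalid` domains and the documentation-range IPs are all made up and are not real indicators from this incident.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed log lines (hypothetical hosts, reserved domains, documentation IPs).
# Format per line: ISO timestamp, source host, destination domain, resolved IP.
SAMPLE_LOGS = """\
2020-12-14T10:00:00 monitor01 api.vendor-updates.invalid 203.0.113.10
2020-12-14T10:15:01 monitor01 api.vendor-updates.invalid 203.0.113.11
2020-12-14T10:30:00 monitor01 api.vendor-updates.invalid 203.0.113.12
2020-12-14T10:45:02 monitor01 api.vendor-updates.invalid 203.0.113.13
2020-12-14T11:00:01 monitor01 api.vendor-updates.invalid 203.0.113.10
2020-12-14T10:03:17 laptop07 news.example.invalid 198.51.100.5
2020-12-14T10:09:44 laptop07 news.example.invalid 198.51.100.5
2020-12-14T10:41:02 laptop07 news.example.invalid 198.51.100.5
2020-12-14T11:20:30 laptop07 news.example.invalid 198.51.100.5
2020-12-14T10:00:00 backup02 ntp.example.invalid 192.0.2.7
2020-12-14T10:10:00 backup02 ntp.example.invalid 192.0.2.7
2020-12-14T10:20:00 backup02 ntp.example.invalid 192.0.2.7
2020-12-14T10:30:00 backup02 ntp.example.invalid 192.0.2.7
"""

MIN_EVENTS = 4          # fewer samples give no meaningful interval statistic
MAX_INTERVAL_CV = 0.1   # coefficient of variation below this = clockwork-regular
MIN_DISTINCT_IPS = 3    # one domain resolving to many addresses = rotating endpoints


def parse_log(text):
    """Parse the constructed log format into (timestamp, host, domain, ip) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, domain, ip = line.split()
        events.append((datetime.fromisoformat(ts), host, domain, ip))
    return events


def summarize(events):
    """Per (host, domain) pair: event count, interval regularity, distinct resolved IPs."""
    groups = defaultdict(list)
    for ts, host, domain, ip in events:
        groups[(host, domain)].append((ts, ip))
    summary = {}
    for key, items in groups.items():
        items.sort()
        times = [t for t, _ in items]
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Coefficient of variation: near zero means the check-ins are on a timer.
        cv = pstdev(gaps) / mean(gaps) if len(gaps) >= 2 and mean(gaps) > 0 else None
        summary[key] = {
            "events": len(items),
            "interval_cv": cv,
            "distinct_ips": len({ip for _, ip in items}),
        }
    return summary


def find_suspicious(events):
    """Return (host, domain) pairs that beacon on a schedule AND rotate destination IPs."""
    hits = []
    for (host, domain), s in summarize(events).items():
        if s["events"] < MIN_EVENTS or s["interval_cv"] is None:
            continue
        regular = s["interval_cv"] < MAX_INTERVAL_CV
        rotating = s["distinct_ips"] >= MIN_DISTINCT_IPS
        if regular and rotating:
            hits.append((host, domain))
    return hits


if __name__ == "__main__":
    for host, domain in find_suspicious(parse_log(SAMPLE_LOGS)):
        print(f"review: {host} contacts {domain} on a fixed schedule with rotating IPs")
```

Requiring both signals matters: `backup02` is just as regular as `monitor01` but always reaches the same address, which is what ordinary scheduled jobs look like, so it is not flagged. The thresholds are starting points to tune against a site's own baseline, and a hit is a lead for an analyst, not proof of compromise.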

'Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,' CISA said in the alert.

CISA said that once inside a network, the hackers seemed focused on gathering information, and would frequently target the emails of IT and security staff to monitor any countermeasures.

Without offering further details, the agency warned that the hackers used 'other initial access vectors beyond SolarWinds Orion,' meaning even groups that do not use the network software could be compromised.
