U.S. Security Agencies: Massive Computer Hack Is ‘Likely Russian’

Enlarge this image

Fireworks explode over the Kremlin and Red Square during New Year’s celebrations on Jan. 1 in Moscow. The U.S. government says a widespread computer incursion into U.S. government and private computer networks was likely carried out by Russia.

Pavel Golovkin/AP

hide caption

toggle caption

Pavel Golovkin/AP

Technology
What We Know About Russia’s Alleged Hack Of The U.S. Government And Tech Companies

The following day, President Trump tweeted that China might be behind the hack, but he offered no evidence and otherwise has said almost nothing about the episode.

Some 18,000 entities — including U.S. government agencies and private organizations — had their computer networks compromised as the hackers hid malware inside a software update provided by the Texas company SolarWinds.

The statement said «fewer than 10 U.S. government agencies have been hit, though it did not describe the extent of the damage.

The statement did not name the agencies, but several have been identified previously, including the departments of Treasury, Commerce, State, Homeland Security, as well as the U.S. Postal Service and the National Institutes of Health.

Some U.S. government agencies have said previously that the hackers entered email accounts, but it’s still not clear whether they broke into classified systems.

Hallmarks of Russia

«At this time, we believe this was, and continues to be, an intelligence gathering effort, the security agencies said in the statement. This suggests the hackers wanted to gather as much information as possible about the inner workings of U.S. government agencies, but they were not trying to disrupt government operations.

Cyber experts have said that the operation has the hallmarks of Russia’s foreign intelligence service, the SVR, whose hackers are known as Cozy Bear.

Russia has denied any involvement.

The episode is the latest in a long list of suspected Russian electronic incursions into other nations under President Vladimir Putin. Multiple countries have previously accused Russia of using hackers, bots and other means in attempts to influence elections in the U.S. and elsewhere.

U.S. national security agencies made major efforts to prevent Russia from interfering in the 2020 election. But those same agencies were apparently blindsided by the hackers who spent months digging around U.S. government systems before they were detected.

Technology
Top Cyber Firm, FireEye, Says It’s Been Hacked By A Foreign Govt.

Breach dates back months

The hackers breached the computer systems as early as March of last year, or perhaps even earlier. The U.S. cybersecurity firm FireEye was the first to detect the hack, issuing a Dec. 8 statement saying it found that its own systems had been breached.

«Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities, Kevin Mandia, the company’s chief executive, said at the time.

«The attackers tailored their world-class capabilities specifically to target and attack FireEye, he added. «They used a novel combination of techniques not witnessed by us or our partners in the past.

Microsoft, which is helping investigate the hack, said last month it had identified 40 government agencies, companies and think tanks that have been infiltrated. While more than 30 victims are in the U.S., organizations were also hit in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

The New York Times reported on Saturday that the number of organizations hit may have now reached 250.

Greg Myre is an NPR national security correspondent. Follow him @gregmyre1.