U.S. Treasury Secretary Steve Mnuchin speaks in the East Room of the White House, April 28, 2020.
U.S. Treasury Secretary Steven Mnuchin said Monday (Dec. 21) that the recent hacking operation against U.S. government agencies is believed to be the largest ever. It affected the Treasury Department’s unclassified systems, but the department found no resulting damage.
Commenting on the massive hack, Mnuchin said, “We did not see anyone break into our classified systems. We did have some unauthorized access to our unclassified systems, but I would say the good news is that it did not cause damage, and we did not see any significant amount of information being transferred.”
Hackers used a software update for SolarWinds' Orion network management software, which is widely used by government departments and is almost ubiquitous, to compromise many U.S. government agencies, including the Departments of Defense, State, Homeland Security, Energy, Treasury and Commerce, among others.
The hacking victims were all among SolarWinds' 18,000 global users who had installed the malware-laden update. The hack was first disclosed to the public by cybersecurity firm FireEye, itself a SolarWinds customer.
It is believed to be the largest hack ever discovered, prompting the U.S. government to form an interagency task force to address the threat.
In an interview with CNBC, Mnuchin said that addressing cyber threats “has been a big focus of this administration and the Treasury Department, and we have a large team focused on cyber.” He added, “We have the resources we need to protect the financial industry.”
The Cybersecurity and Infrastructure Security Agency (CISA) said last Thursday (Dec. 17) that the scale of the hacking operation against the federal government was larger than previously known.
Hackers gained backdoor access in more ways than through SolarWinds software alone.
In a statement, the Cybersecurity and Infrastructure Security Directorate said, “In addition to the SolarWinds Orion platform, the Cybersecurity and Infrastructure Security Directorate has obtained evidence of the existence of other initial access vectors, and further investigation is ongoing.”
Microsoft said Thursday it found malware in its systems. The company said about 30 customers from the United States were affected.
In a blog post, Microsoft President Brad Smith said, “The number and location of victims will certainly continue to grow.”
SolarWinds, which provides services to Fortune 500 companies and major U.S. government agencies, is facing increased scrutiny after disclosing that it was among those exploited by hackers.
A security researcher warned SolarWinds last year that he could use the password “solarwinds123” to gain access to its software update servers.
“Any attacker could easily do this,” security researcher Vinoth Kumar said of the extremely weak password found.
In a filing with the Securities and Exchange Commission last week, the company said it believed as many as 18,000 customers had installed Orion’s Web update software. That exposed them to attack by a type of malware called SUNBURST, experts say.
“SolarWinds is still investigating whether and to what extent vulnerabilities in Orion products have been exploited,” the company said in the filing.
SolarWinds serves more than 300,000 customers worldwide.