US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach

[uk666]

US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach

Kevin Mandia, CEO of FireEye, said that while some 18,000 organisations had the malicious code in their networks, it was the 50 who suffered major breaches.

Mr Mandia told CBS News that the cyber-attack "was very consistent" with what US officials know about the work of Russia's foreign intelligence agency, the SVR.

"I think these are folks that we've responded to in the '90s, in the early 2000s. It's a continuing game in cyberspace," he said.

He said the attack on the Texas-based SolarWinds Orion, the computer network tool at the source of the breach, had the "earliest evidences of being designed".

It started with a "dry run" in October 2019 when "innocuous code" was changed. "Then sometime in March, the operators behind this attack did put malicious code into the supply chain," he said, "injected it in there and that is the backdoor that impacted everybody".

What is being said about Russia's involvement?
Despite Russia's denials of the "baseless" claims, many in the US intelligence community suspect the Russian government is responsible.
Mr Pompeo said on Friday: "We can say pretty clearly that it was the Russians that engaged in this activity." He said that Russia was trying to "undermine our way of life", and that Russian President Vladimir Putin "remains a real risk".

The Republican Chair of the Senate intelligence committee, Marco Rubio, tweeted that it is "increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history". He said the response "must be proportional but significant".

Adam Schiff, Democrat chair of the House intelligence committee, echoed these views, saying on Sunday: "I don't think there's any question that it was Russia". And he took a swipe at President Trump for his comments on the issue saying they were "just uniformly destructive and deceitful, and injurious ... to our national security."

The president has long been hesitant towards Moscow, downplaying such incidents as allegations that Russia offered the Taliban bounties to kill US troops.

In his tweets on Saturday, Trump again turned on what he labels the "fake news media" for exaggerating the matter. He wrote: "The Cyber Hack is far greater in the Fake News Media than in actuality."

President-elect Joe Biden, who is due to be sworn in on 20 January, has vowed to make cyber-security a "top priority" of his administration.

"We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place," he said on Thursday.

"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in co-ordination with our allies and partners."

What do we know about the hacking campaign?
Hackers managed to gain access to major organisations by compromising network management software developed by the Texas-based IT company SolarWinds.

The access could have allowed the hackers to take a high degree of control over the networks of organisations using that software, but appears to have been used to steal data rather than for any disruptive or destructive impact.

It is thought they targeted a narrow number of organisations in an attempt to steal national security, defence and other related information.

SolarWinds Orion earlier said that 18,000 of its 300,000 customers might have been affected, but there is no indication that significant theft of customer or citizen data was an aim of the cyber-attack.

Researchers, who have named the hack Sunburst, say it could take years to fully comprehend it. For more than three decades, hackers linked to Moscow are believed to have tried to steal US secrets online.

Several other organisations around the world, including in the UK, are understood to have been targeted by hackers using the same network management software.