U.S. Sees a ‘Grave Risk’ in Scope of Russia-Linked Hacking

The suspected Russian hacking spree that has roiled U.S. government agencies poses a “grave risk” to federal, state and local governments as well as critical infrastructure and the private sector, according to an advisory posted Thursday.

The Cybersecurity and Infrastructure Security Agency, or CISA, said the hackers demonstrated “sophistication and complex tradecraft” in the attacks. Removing the attackers from compromised networks will be “highly complex and challenging,” according to the advisory.

Although President Donald Trump has yet to comment on the attacks, President-elect Joe Biden issued a statement Thursday on “what appears to be a massive cybersecurity breach affecting potentially thousands of victims, including U.S. companies and federal government entities.”

“I want to be clear: My administration will make cybersecurity a top priority at every level of government -- and we will make dealing with this breach a top priority from the moment we take office,” Biden said, pledging to impose “substantial costs on those responsible for such malicious attacks.”

Despite Trump’s silence, Robert O’Brien, his national security adviser, cut short a multicountry trip to Europe to return to the U.S. to address the suspected Russian hack, signaling growing alarm within the Trump administration about a cyber espionage campaign considered potentially one of the most damaging in years.

The attackers got into computer networks by inserting a vulnerability into Orion software from SolarWinds Corp., which is widely used by government agencies and the private sector. CISA said it has evidence that the hackers also used methods other than the Orion software to infiltrate networks. Those remain under investigation.

“This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,” CISA said in its bulletin.

Without mentioning Russia, CISA attributed the attack to an “advanced persistent threat actor,” a term used to describe hacking teams associated with nation-states.

CISA’s parent organization, the Department of Homeland Security, was among those breached in the attack, in addition to the departments of Treasury, Commerce and State, according to a person familiar with the matter.

©2020 Bloomberg L.P.
