British cyber spies are today urgently investigating a suspected Russian hack that wreaked havoc in the US amid fears it could affect UK government departments, police forces and private companies.
The widespread attack is cited as the largest breach in American history and a "serious threat" to the US government after hackers infiltrated networks of the Pentagon, the FBI, the Treasury Department, the State Department and the nuclear security agencies.
The UK Cyber Security Agency announced today that it is investigating the incident, in which attackers – believed to be working for the Kremlin – gained access to computer networks through a security flaw in a software update from the American technology company SolarWinds.
The UK government is refusing to say whether departments or civil authorities are affected, but publicly available documents show that the infected update called Orion was used by the Home Office.
SolarWinds' customers also include the NHS, Department of Defense, Cabinet, Department of Justice, GCHQ, Civil Aviation Administration and police forces. It is not clear whether any of these bodies used the Orion update or whether they are affected.
Microsoft was also hit and today identified 40 customers who were exposed, including some in the UK. Most of America's 500 largest corporations have reportedly been targeted, but the implications for the UK private sector are not yet clear.
The number of UK companies affected is believed to be small and there is a low likelihood that customer data will be breached.
How hackers used legitimate software to carry out "the greatest hack in US history"
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert detailing what it knows about the breach.
CISA said the hackers were able to compromise the supply chain of SolarWinds' network management software, specifically recent versions of the SolarWinds Orion products.
Starting in March 2020, the hackers used SolarWinds software updates to install a covert network backdoor that the authorities call SUNBURST.
The malicious code was signed with the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.
Once installed on a network, the malware used a protocol that mimicked legitimate SolarWinds traffic to communicate with a domain that has since been seized and taken down.
The initial contact domain often redirected the malware to a new Internet Protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target's home country to make the traffic harder to detect.
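The behaviour CISA describes above (backdoor traffic that looks like vendor traffic, an initial contact domain, then rotation across IPs in the victim's own country) suggests what a defender can actually check: not where a destination is located, but whether an Orion server is talking to anything outside its expected set of destinations, and whether one name keeps resolving to fresh addresses. The following is an added example, not code from the article, CISA or SolarWinds; the log lines, the host name, the domains and the allowlist are all constructed placeholders.

```python
"""Egress-log check for the C2 pattern described in the CISA alert (added example)."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed egress log: timestamp, source host, destination domain, resolved IP.
# Placeholder names only; none of these are real SolarWinds or attacker domains.
SAMPLE_LOG = """\
2020-06-01T10:00:00Z orion-01 updates.vendor-placeholder.example 203.0.113.10
2020-06-01T10:05:00Z orion-01 initial-contact.placeholder.example 198.51.100.7
2020-06-01T10:05:30Z orion-01 initial-contact.placeholder.example 198.51.100.8
2020-06-01T10:06:00Z orion-01 initial-contact.placeholder.example 198.51.100.9
2020-06-01T10:07:00Z orion-01 initial-contact.placeholder.example 198.51.100.10
2020-06-01T10:09:00Z orion-01 initial-contact.placeholder.example 198.51.100.11
2020-06-01T10:10:00Z orion-01 updates.vendor-placeholder.example 203.0.113.10
2020-06-01T10:12:00Z orion-01 updates.vendor-placeholder.example 203.0.113.11
"""

# Hypothetical allowlist of destinations an Orion server is expected to reach.
# Geography is deliberately NOT a criterion: the alert notes the attackers used
# IPs inside the target's own country, so "domestic" is not a trust signal here.
ALLOWED_DOMAINS = {"updates.vendor-placeholder.example"}


def parse_log(text):
    """Parse the constructed log format into (timestamp, host, domain, ip) tuples."""
    rows = []
    for line in text.splitlines():
        ts, host, domain, ip = line.split()
        rows.append((ts, host, domain, ip_address(ip)))
    return rows


def find_suspicious(rows, min_distinct_ips=3):
    """Return (host, domain, reasons) for destinations that are off-allowlist
    or that rotate across at least min_distinct_ips resolved addresses."""
    seen = defaultdict(set)
    for _ts, host, domain, ip in rows:
        seen[(host, domain)].add(ip)
    findings = []
    for (host, domain), ips in sorted(seen.items()):
        reasons = []
        if domain not in ALLOWED_DOMAINS:
            reasons.append("not on Orion egress allowlist")
        if len(ips) >= min_distinct_ips:
            reasons.append(f"rotated across {len(ips)} IPs")
        if reasons:
            findings.append((host, domain, reasons))
    return findings


if __name__ == "__main__":
    for host, domain, reasons in find_suspicious(parse_log(SAMPLE_LOG)):
        print(host, domain, "; ".join(reasons))
```

The allowlisted vendor domain resolves to two addresses here and stays below the rotation threshold, so only the placeholder contact domain is reported.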
"Taken together, these observed techniques indicate an adversary who is knowledgeable, unfamiliar with operational security, and willing to devote significant resources to maintaining covert presence," CISA said in the warning.
Officials in the US say the attack went undetected for nearly nine months, giving the hackers free rein on the affected networks, including those of the Pentagon, FBI, Treasury Department, State Department and nuclear security agencies, and the true extent of the stolen information may never be known.
"There will have to be a price for that," said Dick Durbin, an Illinois Democrat, in a speech in the US Senate today.
"This is nothing less than a virtual Russian invasion of critical reports from the federal government."
"When opponents like Russia torture us, tempt us, violate our nation's security, we have to respond in kind," said Durbin, although he noted that he was not calling for a "full war".
President-elect Joe Biden also vowed a tough response, saying in a statement: "Our opponents should know that, as President, I will not stand idly by in the face of cyber attacks on our nation."
Biden pledged to "disrupt and deter" future cyber attacks by "imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners."
The White House has not yet commented on the breach. If authorities can prove the attack was carried out by Russia, as experts believe, it creates a new foreign-policy problem for President Donald Trump in his final days in office.
Officially, the US Cybersecurity and Infrastructure Security Agency has not publicly identified Russia as the source of the attack, and Russia denies involvement. However, private security companies say all signs point to the Kremlin.
When asked if Russia was behind the attack, a US official said: "We believe it. We haven't said that publicly yet because it's not 100 percent confirmed."
CISA warned that the sophisticated attack was difficult to spot and difficult to undo. "This threat actor has demonstrated sophistication and complex craftsmanship in these interventions," the agency said in a Flash bulletin.
The agency said the intrusion, which it called SUNBURST, posed a "serious risk" to "critical infrastructure" in both the public and private sectors and at all levels of government.
In a statement to DailyMail.com on Thursday, a Microsoft spokesperson confirmed that the company had detected and removed malicious code from the SolarWinds attack inside the company, but denied that any of its products were affected.
Microsoft is one of the world's largest technology companies, with customers in the public and private sectors, and last year won the $10 billion JEDI contract to operate the Department of Defense's cloud computing system.
"We did not find any evidence of access to production services or customer data. Our ongoing investigations have shown absolutely no evidence that our systems have been used to attack others," the spokesperson said.
The two agencies responsible for maintaining America's nuclear weapons stockpile also have evidence that they were compromised in the attack, which also targeted the Pentagon, FBI, Treasury and State Department.
"This appears to be the worst hacking case in American history," said a US official on condition of anonymity. "You got involved in everything."
A spokesman for the UK's National Cyber Security Centre said: "We are continuing to investigate this incident and have provided guidance for SolarWinds' Orion Suite customers.
"While it is important to note that this issue has only been reported for the Orion suite of products and therefore does not affect all SolarWinds customers, we strongly encourage those affected to follow our guidelines."
Dmitry Peskov, a Kremlin spokesman, responded to the allegations of Russian involvement: "I can once again reject these allegations and remind you once again that it was President (Vladimir) Putin who suggested that the American side approve and conclude an agreement (with Russia) on cybersecurity."
Microsoft was also hit in the massive alleged Russian campaign that struck several US government agencies, according to people familiar with the matter.