WASHINGTON (CN) — Federal investigators warned Thursday a massive U.S. cybersecurity breach thought to be the work of Russian hackers continues to threaten government networks and the private sector.
Both government and private networks were compromised in the hack “beginning in at least March 2020,” the Cybersecurity and Infrastructure Security Agency said in an alert, which acknowledged that there is still much to learn about the difficult-to-detect attack.
“This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks,” the agency said.
CISA described the situation as “a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” the agency wrote. “It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered.”
While neither CISA nor the FBI has publicly confirmed the country responsible for the attack, a U.S. official speaking anonymously to The Associated Press said that Russia-based hackers were suspected, but that this information has not been released publicly as it “isn’t 100% confirmed.”
Another U.S. official told the AP anonymously Thursday that this could be “the worst hacking case in the history of America.”
“They got into everything,” the official said.
While President Donald Trump has not yet made any public statement about the breach, President-elect Joe Biden said Thursday his administration plans to make cybersecurity a top priority and will begin dealing with the attack the moment he enters office.
“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said in a statement. “I have instructed my team to learn as much as we can about this breach, and Vice President-elect Harris and I are grateful to the career public servants who have briefed our team on their findings, and who are working around-the-clock to respond to this attack.”
According to CISA, the hackers gained access to government networks via a network management system distributed by a Texas-based company called SolarWinds in some, but not all, instances. According to a Securities and Exchange Commission filing by SolarWinds this week, almost 18,000 organizations received the infected code.
The agency’s announcement comes after media reports last week that said Russian hackers broke into the computer systems of the Commerce and Treasury departments, after which CISA asked civilian federal agencies to take SolarWinds off their servers. The State and Homeland Security departments, as well as the National Institutes of Health, were also said to have been affected along with thousands of private companies across the globe.
FireEye, a top cybersecurity firm, also announced in the last few weeks that hackers backed by a foreign government stole the company’s hacking tools. The company provides security for several federal and local governments. FireEye has said that it will not be enough to close the digital back doors created by the hackers because now they have the keys to these federal and private systems.
According to CISA, removing the “threat” from compromised systems “will be highly complex and challenging.”
“Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans,” the CISA alert said.
Biden added in his statement Thursday that his administration has plans to confront cyberattacks head on.
“We will elevate cybersecurity as an imperative across the government, further strengthen partnerships with the private sector, and expand our investment in the infrastructure and people we need to defend against malicious cyber attacks,” he said. “But a good defense isn’t enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place.”
Biden said that, working with its allies, the U.S. could discourage cyber warfare by beginning to impose “substantial costs” on parties behind malicious attacks.