The US government issued an emergency directive to federal agencies in the wake of a major cyberattack, as multiple media outlets reported at least two departments — including the Treasury — had been targeted by hackers with ties to Russia.
In a statement Sunday, the Cybersecurity and Infrastructure Security Agency (CISA) said it had ordered federal agencies to immediately stop using SolarWinds Orion IT products following reports that hackers had used a recent update to gain access to internal communications.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales.
“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks… we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks,” he added.
The US government earlier Sunday admitted its computer networks had been hit by a cyberattack.
“We have been working closely with our agency partners regarding recently discovered activity on government networks,” a spokesperson for the Cybersecurity and Infrastructure Security Agency told AFP.
“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
IT company SolarWinds over the weekend admitted that hackers had exploited a backdoor in an update of some of its software released between March and June.
“We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” the firm said on its website.
The hacks are part of a wider campaign that also hit major cybersecurity firm FireEye, which said its own defenses had been breached by sophisticated attackers who stole tools used to test customers’ computer systems.
FireEye said it suspected the attack was state-sponsored, and warned it could have affected numerous high-profile targets across the globe.
“Victims have included government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East,” the firm said.
Microsoft also alerted its users to what it described as a sophisticated campaign aimed at “high value targets” in government and cybersecurity and which it said represented “nation-state activity at significant scale.”
US media reports said the FBI was investigating a group working for the Russian foreign intelligence service, SVR, and that breaches had been taking place for months.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot said.
Russia’s embassy in the US hit back late Sunday against what it said were the “unfounded” media claims that the Kremlin was involved in the attacks.
“Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests and our understanding of interstate relations,” the embassy said in a statement on its official Facebook page.
“Russia does not conduct offensive operations in the cyber domain.”