Subject: DHS/CISA issue new warning of "grave risk" from ongoing cyber attack

SMS Alert Text:

DHS/CISA issue new warning of "grave risk" from ongoing cyber attack targeting fed, state & local govs, critical infrastructure & private sector. See email.

Supplemental Info:
Background:

The federal government is reeling from multiple data breaches at top departments and agencies, the result of a worldwide hacking campaign with possible ties to Russia. The breadth and depth of the compromise are currently unknown.

According to SolarWinds (a company that provides tech services to large companies and numerous government agencies), Microsoft, FireEye (a publicly traded cybersecurity company), and DHS/CISA, the attackers compromised a server used to build updates for the SolarWinds Orion Platform, a product used for IT infrastructure management.

The hackers inserted malicious code into Orion software updates that were pushed out to nearly 18,000 customers.

The hackers have already parlayed their access into consequential breaches at the DHS, DoD, the U.S. Treasury, the Dept. of Commerce, Dept. of State, the National Institutes of Health and others. Nearly all Fortune 500 companies use SolarWinds products to monitor their networks. So does Los Alamos National Laboratory, where nuclear weapons are designed, as well as major defense contractors.

The malicious updates were sent between March and June, just when America was hunkering down to weather the first wave of the pandemic. This left the hackers with months to exploit the compromised systems.

Key Takeaways From The Latest Alert:

"CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated."

"CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations."

Additionally:
  • This is a patient, well-resourced, and focused adversary that has sustained long duration activity on victim networks.

  • The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged.

  • Not all organizations that have the backdoor delivered through SolarWinds Orion have been targeted by the adversary with follow-on actions.

  • Organizations with suspected compromises need to be highly conscious of operational security, including when engaging in incident response activities and planning and implementing remediation plans.

Read the Full Alert:

Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

Service Notes:

This email message is a component of the AlertsUSA Homeland Security Threat and Incident Notification Service for mobile devices. You have paid for this service and are encouraged to archive these messages.

Service Issues? Let Us Know
service@AlertsUSA.com

Discount Subscription Link (share w/ friends):
https://AlertsUSA.com/discount.html

Threat Journal Newsletter:
https://ThreatJournal.com

Connect With Us:
Twitter: https://twitter.com/AlertsUSA
AlertsUSA, Inc, 29488 Woodward Ave #423, Royal Oak, Michigan 48073, United States
You may unsubscribe or change your contact details at any time.