The US Energy Department (DoE) & its National Nuclear Security Administration (NNSA), the agency that maintains the US nuclear stockpile, have been ‘compromised’ as part of the widespread cyber-attack uncovered this week, stemming from the massive SolarWinds hack.
Sources suggested the DoE suffered “damage” in the attack, which also likely extends well beyond the initially known SolarWinds Orion attack radius.
US DoE Official Sources
An exclusive report by Politico cited US DoE official sources who explained that their department was ‘infiltrated’ by the cyber-attackers, including hits to the NNSA; the US Federal Energy Regulatory Commission (FERC), which has oversight for the entire department; the Sandia & Los Alamos US National Laboratories in Washington & New Mexico; & the Richland Field Office of the DoE.
NBC News in the US commented on Thursday evening that it had confirmed the report.
More Damage
The sources also alleged that not only was the DoE caught up in the espionage portion of the campaign, but that the attackers have been able to do “more damage at FERC than the other agencies,” & that they have evidence of “highly malicious activity” aimed there, the officials stated. They offered no further details.
DoE & NNSA officials have begun the notification process for their congressional oversight bodies, sources further added.
With the DoE, the number of US government divisions known to be impacted comes to 6; that includes the Pentagon, the US Department of Homeland Security (DHS), the National Institute of Health, the Department of Treasury & the Department of Commerce.
Much Larger
The US Cybersecurity & Infrastructure Security Agency (CISA) warned earlier on Thursday that the already sprawling cyber-attack could be much larger than originally thought.
The known attack vector for the incident is SolarWinds’ ‘Orion’ network management platform, whose users were infected by a ‘stealth backdoor’ that opened the way for ‘lateral’ movement to other parts of the network.
Trojan
It was pushed out via trojanised product updates to almost 18,000 organisations worldwide.
Now, it seems that SolarWinds may not be alone in its attack-vector role in the campaign. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” it outlined in an updated bulletin on Thursday.
Overwhelmed
CISA, meanwhile, whose top official, Christopher Krebs, was fired for calling the 2020 US Presidential election secure, told FERC that it was ‘overwhelmed’ & lacked the resources to properly respond, sources observed.
The full extent of the attack is unknown, as are the perpetrators. Researchers & lawmakers alike, citing the highly sophisticated nature of the attack, have observed the intrusions were ‘likely’ carried out by Russian intelligence, though the US has not officially made any attribution.