US authorities are still working to unveil the full extent of the likely Russian attack that gave the “sophisticated” actor behind the breach full access to files and email. from at least nine government agencies and about 100 private companies, the White House’s top cyber security official said Wednesday.
Anne Neuberger, the newly appointed Deputy National Security Advisor for Information and Emerging Technology, also warned that the danger did not pass because hackers breached the networks of tech companies whose products could be used to launch further intrusions.
A task force is investigating the extent of the damage from the breach, evaluating potential responses and trying to confirm the identity of whoever was behind it – a process warned by Neuberger will take longer. “This is a sophisticated actor who did his best to hide his tracks,” he told reporters at the White House. “We believe it has taken months to plan and execute this compromise. It will take time to discover this layer by layer.” US authorities said the breach, first revealed in December, appears to be the work of Russian hackers. Neuberger, a former senior National Security Agency official named this month by President Joe Biden, went no further. “An advanced and persistent threat actor, possibly of Russian descent, was responsible,” he said, without giving details of potential responses. The Russian government has denied involvement.
Private security firm FireEye was the first to publicly identify the breach, revealing that hackers had hijacked widely used network software from SolarWinds Inc. to install malicious software through a routine security update.
Intelligence agencies did not detect the breach because they largely lack “visibility on private sector networks,” and it was launched in the United States, Neuberger said. He said the Biden administration supports the “culture and authority” changes that prevented the hack from be detected on federal civil systems.
The hack, Neuberger said, highlights the need to modernize the nation’s IT infrastructure and cyber defenses, issues that will be addressed in an upcoming executive order. Several agencies acknowledged having been breached, including the Treasury Department and the Department of Justice, but the full list has not been publicly published. Once inside, the hackers had full access to the victims’ data. “The techniques used lead us to believe that any file or email on a compromised network could be compromised,” Neuberger said.
Some members of Congress have criticized the response based on what has been said so far, all in private. “The briefings we received convey a disjointed and disorganized response to address the violation,” Senator Mark Warner, a Democrat from Virginia, and Sen. Marco Rubio, Republican from Florida said in a recent letter to the White House.
Neuberger said he intended to return to the Capitol to inform lawmakers in the coming days. ____ Aamer Madhani, writer for the Associated Press, contributed to this report. PMSPMS
(This story was not edited by our team of editors and is generated from a feed.)
- The United States is still unveiling “sophisticated” hacks from 9 government agencies