Expand / Collapse search
Watch TV
Menu

Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital SolutionsLegal Statement.

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. FAQ - New Privacy Policy

Cyber Security
Published

Cyberattack on US Treasury, Commerce Dept. by foreign government explained

Cybersecurity investigators said the hack's impact extends far beyond the affected U.S. agencies.

Commerce Secretary Wilbur Ross says there will be more revelations 'soon' regarding the cyber hack backed by a foreign government on the U.S. Treasury Department and an agency within the Commerce Department. Video

A months-long global cyberespionage campaign that penetrated U.S. government agencies and involved a common software product used by thousands of organizations has left governments and major corporations scrambling to see if they too were victims of an attack.

The hack began as early as March when malicious code was snuck into updates to popular software that monitors the computer networks of businesses and governments. The malware, affecting a product made by U.S. company SolarWinds, gave elite hackers remote access into an organization's networks so it could steal information.

FILE: A woman types on a keyboard in New York.  (AP)

It wasn't discovered until the prominent cybersecurity company FireEye learned it was hacked. Whoever broke into FireEye was seeking data on its government clients, the company said. The hackers made off with tools it uses to probe its customers' defenses.

Cybersecurity investigators said the hack's effects extend far beyond the affected U.S. agencies, which include the Treasury and Commerce departments, though they haven't disclosed which companies or what other governments were targeted.

"There's no evidence that this was meant to be destructive," said Ben Buchanan, Georgetown University cyberespionage expert and author of "The Hacker and The State." He called the campaign's scope, "impressive, surprising and alarming."

WILBUR ROSS: CYBERATTACK ON US TREASURY COMMERCE DEPT. TAKEN 'VERY SERIOUSLY'

SolarWinds, of Austin, Texas, provides network-monitoring and other technical services to hundreds of thousands of organizations around the world, including most Fortune 500 companies and government agencies in North America, Europe, Asia, and the Middle East.

Its compromised product, called Orion, accounts for nearly half SolarWinds' annual revenue. Its centralized monitoring looks for problems in an organization's computer networks, which means that breaking in gave the attackers a "God-view" of those networks.

SolarWinds, whose stock fell 17% on Monday, said in a financial filing that it sent an advisory to about 33,000 of its Orion customers that might have been affected, though it estimated that fewer than 18,000 had actually installed the compromised product update earlier this year.

Neither SolarWinds nor U.S. cybersecurity authorities have publicly identified which organizations were breached. Just because a company or agency uses SolarWinds as a vendor doesn't necessarily mean they were vulnerable to the hacking. The malware that opened remote-access backdoors was injected into SolarWinds' Orion product updates released between March and June, but not every customer installed them.

GET FOX BUSINESS ON THE GO BY CLICKING HERE

SolarWinds said it was advised that an "outside nation state" infiltrated its systems with malware. Neither the U.S. government nor the affected companies have publicly said which nation state they think is responsible. Russia, the prime suspect according to many security experts, said Monday it had "nothing to do with" the hacking.

"Once again, I can reject these accusations," Kremlin spokesman Dmitry Peskov told reporters. "If for many months the Americans couldn't do anything about it, then, probably, one shouldn't unfoundedly blame the Russians for everything."

Buchanan said the "operational tradecraft" seems extremely good. The hackers were "experienced and capable, adept at finding a systemic weakness and then exploiting it quietly for months." Supporting the consensus in the cyberthreat analysis community that Russians are responsible are the tactics, techniques, and procedures used, which bear their digital fingerprints, said Brandon Valeriano, a Marine Corps University technology scholar.

CLICK HERE TO READ MORE ON FOX BUSINESS

An advisory issued by Microsoft, which assisted FireEye in the hack response, said it had "delivered more than 13,000 notifications to customers attacked by nation-states over the past two years and observed a rapid increase in (their) sophistication and operational security capabilities."

The Associated Press contributed to this report.