Widespread hacker attack has cyber experts around the world scrambling to defend networks

Suspected Russian hackers who broke into US government agencies also spied on smaller organizations, including groups in Britain, a US internet service provider and a county government in Arizona, according to web archives and a security source.

More details were revealed on Friday about the cyber espionage campaign that has computer network security teams around the world scrambling to contain the damage, as a top official in US President Donald Trump’s outgoing administration explicitly acknowledged Russia’s role in the hack for the first time.

Secretary of State Mike Pompeo said on the Mark Levin radio show “I think it’s the case that now we can say pretty clearly that it was the Russians who did this activity.”

Networking equipment maker Cisco Systems Inc said a limited number of machines in some of its labs had been found with malware, without saying if anything had been taken. A person familiar with the company’s ongoing investigation said fewer than 50 were compromised.


In Britain, a small number of organizations were compromised and not in the public sector, a security source said.

Shares of cybersecurity firms FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet the flurry of disclosures from Microsoft Corp and others would boost demand for security technologies.

Reuters identified Cox Communications Inc and the government of Pima County, Arizona as victims of the breach by running a publicly available coding script from researchers at the private Moscow-based cybersecurity firm Kaspersky. The hack compromised ubiquitous network management software created by SolarWinds Corp. Kaspersky decrypted online web records left by the attackers.

The breaches of US government agencies, first revealed by Reuters on Sunday, affected the Department of Homeland Security, the Treasury Department, the State Department and the Department of Energy. In some cases, the breaches involved email monitoring, but it was unclear what the hackers were doing while infiltrating the networks, cybersecurity experts said.


Trump has said nothing publicly about the intrusion. He was briefed “as needed,” White House spokesman Brian Morgenstern told reporters. National Security Adviser Robert O’Brien led interagency meetings daily, if not more often, he said.

“They are working very hard on mitigation and making sure our country is safe. We won’t go into too much detail because we’re just not going to tell our opponents what we’re doing to fight those things,” Morgenstern said.

No decision was made on how to respond or who was responsible, a senior US official said.

Cyber spies have spent months covertly exploiting SolarWinds software to peer into computer networks, putting its customers, including the US Department of Commerce, on high alert. (AP Photo/Manuel Balce Ceneta, File)

SolarWinds, which revealed its unwitting role at the center of the global hack on Monday, said up to 18,000 users of its Orion software had downloaded a compromised update containing malicious code planted by the attackers. The attack was considered the work of an “external nation-state,” SolarWinds said in a regulatory statement.

People familiar with the matter said the hackers worked for the Russian government. Kremlin spokesman Dmitry Peskov dismissed the allegations.

On Friday, U.S. Representative Stephen Lynch, head of the National Security Subcommittee of the House Oversight and Reform Committee, said the information provided by the Trump administration was “very disappointing.”

“This hack was of such magnitude that even our cybersecurity experts don’t yet have a real idea of the scale of the intrusion itself,” he said, adding that it would take some time to fully review all agencies and targets.


The breach appeared to give President-elect Joe Biden an immediate headache when he takes office on January 20. to respond when and how we choose, often in close coordination with our allies and partners.

Microsoft, one of thousands of companies to receive the malicious update, said it notified more than 40 customers whose networks were still infiltrated by hackers.

About 30 of those customers were in the United States, Microsoft said, with the other victims found in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates. Most have worked with information technology companies, some think tanks, and government organizations.