
Cyber-attack is brutal reminder of the Russia problem facing Joe Biden. Microsoft called on the incoming Biden administration to improve cybersecurity intelligence-sharing across government and with allies.
Microsoft has said the UK and six other countries outside the US have been affected by a suspected Russian hacking attack that US authorities have warned poses a grave risk to government and private networks.
Brad Smith, Microsoft’s chief legal counsel, said the company had uncovered 40 customers, including government agencies, thinktanks, NGOs and IT companies, who were “targeted more precisely and compromised” after the hackers had gained initial access earlier this year.
Eighty per cent were in the US, including, it is feared, agencies responsible for the US nuclear weapons stockpile. But the remainder were spread out across other countries.
“This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East,” Smith said. “It’s certain that the number and location of victims will keep growing.”
Known British victims are currently small in number and, security sources indicated, do not include any public sector organisations. However, checks are ongoing, partly because the sophistication of the hack makes it unclear who may have been affected.
Russian hacker groups are often linked to the country’s intelligence agencies, and US officials have privately blamed the attack on Cozy Bear, a group accused of trying to steal coronavirus vaccine secrets earlier this year.
The attack appears to have started when an updated popular IT network management tool called Orion, made by SolarWinds, was compromised from March this year. Around 18,000 customers installed the compromised update, many of whom were in the US federal government.
Of these, at least 40 were then selected by the attackers for further exploitation, including the US Treasury and Department of Commerce, where emails are thought to have been read, and the National Telecommunications and Information Administration.
The hackers’ intention appears to have been a “high end espionage operation” according to security sources, designed to steal government and military secrets. Information is not thought to have been destroyed, although the assessment is ongoing.
It emerged overnight that the US National Nuclear Security Administration, which maintains the US nuclear weapons stockpile, had evidence that hackers accessed its networks. The NNSA also supplies some nuclear technology to the UK.
Microsoft said it had been able to map some of the impact of the SolarWinds attack because it has been brought in by clients to assist using its antivirus software. The company admitted it too had fallen victim to the attack, although it said it had not found “evidence of access to production services or customer data”.
The FBI is expected to hold a classified briefing for members of Congress on Friday about the growing impact of the attack, which is potentially the most serious faced by the US government in its history.
Smith said the attack represented “a broad and successful espionage-based assault on both the confidential information of the US government and the tech tools used by firms to protect them.”
But it also had global ramifications, he said, creating a vulnerability in the technology supply chain “of nearly global importance, reaching several major national capitals outside Russia.”
A map produced by Microsoft showed where the hackers’ malware had been picked up by users of its Microsoft Defender antivirus software, with evidence of penetration in a range of countries including China but excluding Russia.
“This is not ‘espionage as usual’, even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Smith said.
Russia denies responsibility for the attack. In a statement posted on Facebook this week the Russian foreign ministry described the allegations as “another unfounded attempt” by the US media to blame Russia for cyber-attacks against US agencies.
On Thursday the president-elect, Joe Biden, said the US needed to better “disrupt and deter our adversaries” and said he expected to work closely with “allies and partners” in preventing Russian attacks.
This marked a change in tone from Donald Trump’s outgoing administration. Trump was reluctant to criticise the Kremlin and its spy agencies, which were accused of hacking and leaking the contents of the Democratic party’s email server in the run-up to the 2016 election campaign.
Microsoft asked for the new president Biden to appoint a national cybersecurity director. The most senior individual previously responsible, Chris Krebs, was fired by Trump as director of the Cybersecurity and Infrastructure Security Agency in November after he rejected the president’s election conspiracy theories.
Earlier this week, Gen Sir Nick Carter, the head of Britain’s armed forces, warned in a speech that “authoritarian rivals” were willing to engage in cyber and other attacks “below the threshold that would prompt a war-fighting response”. They were pursuing a strategy of “political warfare … designed to undermine cohesion, to erode economic, political and social resilience,” he added.