Last week, FireEye acknowledged in a statement that the breach “occurred when the hackers, who already had an employee’s credentials, used those to register their own device to FireEye’s multi-factor authentication system so they could receive the employee’s unique access codes.”
FireEye has declined to provide additional details about how the hackers were ultimately discovered after evading detection for months, citing an ongoing investigation into the matter. The Cybersecurity and Infrastructure Security Agency also declined to comment. US officials and experts warn the hackers used multiple entry points to breach these networks, some of which have not yet been identified.
Now, the hackers are attempting to salvage what access they can as the US government and private sector are “burning it all down,” the source said, referring to their complete overhaul of networks, which will force the attackers to find new ways of getting the information they seek.
Meanwhile, US officials continue to grapple with the fallout and assess just how successful the operation was, the US official said, noting that it is clear the nation-state responsible invested significant time and resources into the effort.
While the scope of the hacking campaign remains unclear, government agencies that have disclosed they were impacted have said there is no evidence to date that classified data was compromised.
But the way the hackers were discovered suggests the operation was intended to steal sensitive information beyond what was available on unclassified networks and sought to establish long-standing access to various targeted networks, the source said.
The fact that FireEye — not the federal government — discovered the breach has also raised questions about why the attack went undetected at US government agencies.
Speaking to reporters Tuesday, President-elect Joe Biden knocked President Donald Trump’s administration over the hack, charging that “the Trump administration failed to prioritize cybersecurity.”
“This assault happened on Donald Trump’s watch when he wasn’t watching,” Biden said. “It is a grave risk, and it continues. I see no evidence that it’s under control. I’ve seen none.”
Biden also charged that the Pentagon is failing to brief his transition team on the extent of the hack. On Wednesday, a senior defense official denied that was the case.
“The question of the damage done remains to be determined,” Biden said Tuesday. “We have to look at very closely the nature of the breaches, how extensive they are and what damage has been done.”
When Biden takes office next month, the hack will pose an immediate challenge, as it’s expected to take weeks or months to truly understand the extent of the damage to US agencies. Biden is also likely to have to decide how to respond if the federal government formally attributes the hack to Russia, which members of Trump’s administration and lawmakers have said is likely.
“I believe that when I learn the extent of the damage, and in fact who’s formally responsible, they can be assured that we will respond,” Biden said Tuesday. “We’ll probably respond in kind. We have many options, which I will not discuss now.”
Lawmakers on the relevant committees are also pushing to learn more about the extent of the hack, why it took so long to be discovered, and why it was a private company that ultimately unearthed the breach. Congressional committees have been briefed both by US officials from the intelligence community and other agencies, as well as by FireEye, a sign of the company’s importance to understanding the data breach, lawmakers and aides say.
“If the public reporting is accurate that it was the private sector that discovered this, that’s another big question that our agencies are going to have to answer, which is, why didn’t you catch this?” House Intelligence Chairman Adam Schiff said on MSNBC.
While a private company spotted the breach, a private sector contractor, SolarWinds, was at least one of the entry points hackers used to break into government networks. The software that the suspected malware was delivered with, SolarWinds Orion, has as many as 18,000 global customers, including government agencies and Fortune 500 companies.
“The government itself may have pretty good protections, but when you have a software firm you’re contracting with and they send you a patch and you install it, turns out to not really be a patch but a back door for the Russians or Chinese or whoever wants to do something like this,” said Sen. Angus King, a Maine Independent who co-chaired a congressional commission, the Cyberspace Solarium Commission, to improve US cyber defenses.
Much of the federal government only learned of one of the country’s worst-ever cybersecurity incidents from public reporting and disclosures from private firms. Lawmakers predict there will be efforts next year both to strengthen the US defenses and improve government partnerships with the private sector.
But that remains a complicated proposition.
“It’s very clear from this that we’re going to need to set up more partnerships between government and private companies,” Rep. Jim Himes, a Connecticut Democrat on the House Intelligence Committee, told CNN. “We’re going to need to have a tough conversation about whether we want to make it easier for the government to look at private companies’ networks and products. That’s a very tough conversation because there’s civil liberties in the mix there.”
Sen. Mark Warner of Virginia, the top Senate Intelligence Committee Democrat, told CNN’s Poppy Harlow on Tuesday there should be a reexamination of reporting requirements after data breaches for both private companies and government agencies.
“If you are a public company, you have to report at the end of the quarter, but there is no immediate requirement to report” for government entities, Warner said. “These are all things that leave us much more vulnerable.”