Recap: Russia Suspected in Historic U.S. Government Cybersecurity Breach

In mid-December, we saw an unprecedented cybersecurity attack on the U.S. government that bookended a troubling year on many fronts. 

According to official reports, the U.S. Treasury Department, the U.S. Commerce Department, and Homeland Security were hacked by what was suspected to be Russia. Following the attack, the U.S. government acknowledged a breach and stated they were launching a full assessment of the situation.

It’s suspected that the breach could have lasted months before it was detected. While the full extent of the breach was not immediately clear, U.S. officials know that hackers broke into the government departments’ email systems, with additional concern that hackers may have infiltrated other government departments and possibly several private companies as well.

U.S. Government officials spared little detail as to the investigation. Further, they did not officially name Russia as being solely responsible for the attack. The Commerce Department, the National Security Council, and the Department of Homeland Security acknowledged a breach of their bureaus, stating they were working closely to decipher suspicious activity on government networks. 

Despite Russia denying any involvement in the breach, many reports name the SVR, Russia’s foreign intelligence service, as the likely perpetrator.

Follow-up actions from the government were as follows. The CISA (U.S. Cybersecurity and Infrastructure Security Agency) issued an emergency directive. The directive requires all federal civilian agencies to review their computer networks for signs of a breach. Further, the directive recommends all agencies disconnect from SolarWinds Orion products as soon as possible.

Here are our takeaways: 

• This will probably take most of 2021 for the government to figure out how vast this attack was and to counteract any persistent threats. We hope agencies are building a parallel infrastructure from the ground up and starting over from scratch for the highly classified departments ( ).
• We expect the U.S. to solidify rules of engagement for cyberattacks of this nature also in 2021. How is this example not an act of war?
• Supply chain attacks, aka, going after your weakest vendor, is finally a mainstream news headline. For years, supply chain attacks have affected local governments and the private sector. Typically what happens is: an IT Company or cloud provider gets hacked, their clients get hacked (hello supply chain attack), and everyone’s IT comes to a screeching halt due to a ransomware event or worse. In many cases, these IT Companies and cloud providers pay the ransom (to terrorists typically, which is illegal), data gets unlocked, and life goes on. This is such a bigger deal than it’s been treated. With the mainstream coverage of supply chain attacks, we expect aggressive regulations that weed out the weak links in the supply chain, and the country will be more secure for it.

Reach out to us if you have any questions here.