In mid-December, we saw an unprecedented cybersecurity attack on the U.S. government that bookended a troubling year on many fronts.
According to official reports, the U.S. Treasury Department, the U.S. Commerce Department, and Homeland Security were hacked by what was suspected to be Russia. Following the attack, the U.S. government acknowledged a breach and stated they were launching a full assessment of the situation.
It’s suspected that the breach could have lasted months before it was detected. While the full extent of the breach was not immediately clear, U.S. officials know that hackers broke into the government departments’ email systems, with additional concern that hackers may have infiltrated other government departments and possibly several private companies as well.
U.S. Government officials spared little detail as to the investigation. Further, they did not officially name Russia as being solely responsible for the attack. The Commerce Department, the National Security Council, and the Department of Homeland Security acknowledged a breach of their bureaus, stating they were working closely to decipher suspicious activity on government networks.
Despite Russia denying any involvement in the breach, many reports name the SVR, Russia’s foreign intelligence service, as the likely perpetrator.
Follow-up actions from the government were as follows. The CISA (U.S. Cybersecurity and Infrastructure Security Agency) issued an emergency directive. The directive requires all federal civilian agencies to review their computer networks for signs of a breach. Further, the directive recommends all agencies disconnect from SolarWinds Orion products as soon as possible.
Reach out to us if you have any questions here.