Home News GCHQ spies probe whether Russian hackers stole UK government secrets after months-long cyber attack on US agencies using the same SolarWinds security software

GCHQ spies probe whether Russian hackers stole UK government secrets after months-long cyber attack on US agencies using the same SolarWinds security software

December 15, 2020
Read
  • National Cyber Security Centre assessing impact of US hacking incident on UK
  • Hackers believed to be Russian targeted hugely popular software SolarWinds
  • Global firm SolarWinds reportedly used by Ministry of Defence, Cabinet Office, GCHQ and other government branches as well as all five branches of US military
  • Sophisticated campaign targeted US Treasury and Commerce Departments but impact and reach of the hackers is still being investigated by Homeland Security
  •  British security services are investigating whether Russian hackers stole UK government secrets following extensive cyber attacks on US agencies which used the same security software.

    The FBI and the Department of Homeland Security are investigating what was described as a large-scale penetration of US government agencies.

    The attack has been apparently linked to the same months-long cyberespionage campaign that also afflicted the prominent cybersecurity firm FireEye.


  • Pictured: GCHQ in Gloucestershire. British security services are investigating whether Russian hackers stole UK government secrets following extensive cyber attacks on US agencies
    +2

    Pictured: GCHQ in Gloucestershire. British security services are investigating whether Russian hackers stole UK government secrets following extensive cyber attacks on US agencies'This can turn into one of the most impactful espionage campaigns on record,' said cybersecurity expert Dmitri Alperovitch. The apparent conduit for the Treasury and Commerce Department hacks - and the FireEye compromise - is a hugely popular piece of server software called SolarWinds.

    SolarWinds software is used by government departments including GCHQ, the Ministry of Defence, the Cabinet Office and the Ministry of Justice, according to the Telegraph.

    The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company's own hacking tools.

    Many experts suspect Russia is responsible. FireEye's customers include federal, state and local governments and top global corporations.

     Now the UK's National Cyber Security Centre, which forms part of GCHQ, has confirmed it is looking into whether the hackers targeted UK agencies.  

    A spokesman for the NCSC told MailOnline: 'The NCSC is working closely with FireEye and international partners on this incident.

    Pictured: Jeremy Fleming, director of GCHQ

    Pictured: Jeremy Fleming, director of GCHQ

    'Investigations are ongoing, and we are working extensively with partners and stakeholders to assess any UK impact.

    'The NCSC recommends that organisations read FireEye's update on their investigation and follow the company's suggested security mitigations.'

    SolarWinds is used by hundreds of thousands of organisations globally.

    This includes most Fortune 500 companies and multiple US federal agencies who will now be scrambling to patch up their networks, said Mr Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.

    FireEye said in a blog post that its investigation into the hack of its own network had identified 'a global campaign' targeting governments and the private sector that, beginning in the spring, slipped malware into a SolarWinds software update.

    The malware gave the hackers remote access to victims' networks.

    FireEye said it had notified 'multiple organisations' globally where it saw indications of compromise.

    The US government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible.

    Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.

    National Security Council spokesman John Ullyot said in a statement that the government was 'taking all necessary steps to identify and remedy any possible issues related to this situation'.

    SolarWinds, based in Texas, claims the 10 leading US telecommunications companies and top five US accounting firms are among its customers as well as all five branches of the US military
    +2

    SolarWinds, based in Texas, claims the 10 leading US telecommunications companies and top five US accounting firms are among its customers as well as all five branches of the US military

    On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the US military, the Pentagon, the State Department and the White House.

    It says the 10 leading US telecommunications companies and top five US accounting firms are also among customers.

    The government's Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help 'identify and mitigate any potential compromises'.

    Kremlin spokesman Dmitry Peskov said Monday that Russia had 'nothing to do with' the hacking.

    'Once again, I can reject these accusations,' Peskov told reporters. 'If for many months the Americans couldn't do anything about it, then, probably, one shouldn't unfoundedly blame the Russians for everything.'

    On Sunday, Russia's U.S. embassy said attempts to blame Russia were 'unfounded.'

Tags :

No comments:

Subscribe to: Post Comments ( Atom )
Powered by Blogger.