December 18th, 2020
Continued fallout from the massive cyber attack against Gov't agencies
The Department of Homeland Security's cyber arm has warned that the recent cyberattack affecting government agencies is far broader than officials had thought.
The Cybersecurity and Infrastructure Security Agency said the compromised software program, SolarWinds, isn’t the only way hackers infiltrated networks, and those responsible may have used “tactics, techniques and procedures that have not yet been discovered.Reuters reported, "On Monday, SolarWinds confirmed that Orion - its flagship network management software - had served as the unwitting conduit for a sprawling international cyberespionage operation. The hackers inserted malicious code into Orion software updates pushed out to nearly 18,000 customers."Yesterday, Microsoft identified over 40 of its customers, with 80% of the victims from the U.S., who had the hacked program installed. Microsoft President Brad Smith added that “it’s a certainty that the number and location of victims will keep growing.” ”
This news just escalates already growing concern about the scale and scope of the breach, which the agency says “poses a grave risk" to the federal government and other areas of the public and private sectors.Microsoft’s President Brad Smith wrote that "the attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them. The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft."
Questions are also lingering about how long the breach went undetected by the US government and when President Trump, who has stayed silent on the matter, may address it.The CISA released an Emergency Directive to all federal civilian agencies to "immediately disconnect or power down affected SolarWinds Orion products" on December 13th.The FBI, CISA and the Office of the Director of National Intelligence have formed a Cyber Unified Command Group or UCG in response to an "ongoing cyber-security campaign" which they describe as a "significant cyber incident".Congress members are demanding answers to know what was taken, how, and who was behind it. While multiple administration officials have alluded that evidence points towards Russia, Trump has remained quiet, continuing to focus most of his public messages on unproven claims of voter fraud instead, attacking the "China" virus, and even sharing multiple tweets about when the Russia collusion investigation actually began.President-elect Joe Biden has released a statement saying he would “elevate cybersecurity as an imperative across the government” and “disrupt and deter our adversaries” from undertaking such major hacks.According to CNBC The Trump administration acknowledged reports on Sunday that a group backed by a foreign government carried out a cyberattack on the U.S. Treasury Department and a section of the U.S. Department of Commerce. “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot wroteThis criticism over a "lack of response" from the Trump Administration seems like a very convenient smokescreen from the left and Never-Trump Republicans to divert attention away from the rampant irregularities and serious allegations of election fraud that have caused 20 states' Attorneys General to contest the 2020 Election results along with 126 members of Congress.The Cyber Unified Command Group (UCG) was developed under Obama's oversight as part of the United States Cyber Incident Coordination Presidential Directive from July 26, 2016.