U.S. cybersecurity agency warns of ‘grave’ threat from hack

[Photo: Aerial view of the U.S. Treasury Department building. The Treasury Department is one of the multiple federal agencies whose computer networks were reportedly breached by hackers. (Patrick Semansky / Associated Press)]

The federal government’s top cybersecurity agency issued its most urgent warning yet about a sophisticated and extensive computer breach, saying Thursday that it posed a “grave risk” to networks maintained by governments, utilities and the private sector and could be difficult to purge.

Removing the malware from “compromised environments will be highly complex and challenging for organizations,” the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, said in an alert providing the most extensive details yet about the hack.

Over the weekend, reports emerged that hackers had broken into computer networks at multiple federal agencies, including the Treasury and Commerce departments. The list of victims has continued to grow, and includes the Department of Homeland Security and the National Institutes of Health. Federal law enforcement officials have said Russia was behind the attack and are still assessing how much information was pilfered by Moscow.

The Russian Embassy has denied responsibility. U.S. cybersecurity officials have not officially blamed the Kremlin, but the CISA alert noted that the attack came from “a patient, well-resourced, and focused adversary” that engaged in “operational security and complex tradecraft.”

Cybersecurity experts said Russia was among the few countries that could support such an attack.

The security compromises began at least as early as March, according to CISA, with the infiltrators gaining initial access through a compromise in a piece of software made by SolarWinds — a Texas-based company that sells network-monitoring cybersecurity software — although CISA said evidence indicates hackers had other access points.

When SolarWinds customers running the software installed updates, they unknowingly downloaded malicious code and granted the hackers access to their networks. Hundreds of thousands of organizations use SolarWinds products, and U.S. agencies have been told to disconnect machines running the compromised program.

“Most of the sensitive folk have shut down SolarWinds, so now they’re flying blind; they don’t have … their usual detection technology,” said Robert Cattanach, a cybersecurity expert and former special counsel to the secretary of the Navy. “It’s a very uncertain time right now.”

To further complicate things, SolarWinds was so ubiquitous in the cybersecurity sector that there’s not a clear, immediate substitute, Cattanach added.

The House Homeland Security and Oversight committees launched an investigation into the hacks Thursday, warning that “based on preliminary reporting, it is evident that this latest cyber intrusion could have potentially [devastating] consequences for U.S. national security.”