Russian Government Hackers Likely Behind Cyber Breach of U.S. Government Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive on the evening of December 13, 2020, in response to a massive data breach due to a critical software vulnerability that impacted several federal agencies. Agencies were instructed to shut off the SolarWinds Orion software, which hackers used to compromise federal email accounts. The software is used to monitor and manage IT infrastructure in large-scale environments. Government officials suspect the hackers responsible are part of a Russian government intelligence unit called “Cozy Bear,” which also infiltrated the Democratic National Committee in 2016.

CISA’s emergency directive instructed all agencies using the Orion software to disconnect the software by noon on Monday. Agencies were then required to submit a report to CISA to ensure they had followed the protocol. The directive states, “Until such time as CISA directs affected entities to rebuild the Windows operating system and reinstall the SolarWinds software package, agencies are prohibited from (re)joining the Windows host OS to the enterprise domain.”

SolarWinds, in a December 14 filing to the Securities and Exchange Commission, said fewer than 18,000 customers were impacted by this breach, and the company provided 33,000 customers with information on its website on how to mitigate potential damage.

The Departments of Treasury and Commerce were affected by this breach. The extent of the breach at other agencies is still being investigated.

CISA is currently without a permanent director. Former CISA Director Chris Krebs, who was fired in November for disputing election fraud claims, tweeted after news of the hack, “Immediately activate your incident response team. Odds are you're not affected, as this may be a resource intensive hack. Focus on your Crown Jewels. You can manage this.”

The 2021 National Defense Authorization Act (NDAA) reestablishes the position of National Cybersecurity Director in the White House and places a significant focus on improving cybersecurity.

While the full scope of the breach is still being assessed, email accounts may have been compromised as early as June 2020. Sue Gordon, a former top deputy in the Office of the Director of National Intelligence, said of the breach, “It is massively disruptive once you have long-term penetration by a nation-state.”
