| Advertisement |
Dec. 17 (UPI) -- U.S. cybersecurity officials on Thursday warned of "a grave risk to the federal government" posed by a hack linked to weaknesses in a network security software affecting several agencies and Fortune 500 companies. The Cybersecurity and Infrastructure Security Agency issued an alert warning that the scope of the attack targeting the departments of Homeland Security, Commerce and Treasury was broader than initially thought.
Advertisement
"CISA has determined that this threat poses a grave risk to the federal government and state, local, tribal and territorial governments as well as critical infrastructure entities and other private sector organizations," the agency said.
On Monday, CISA said the attack targeted a vulnerability in SolarWinds products, which are used by more than 300,000 customers, including more than 400 of the U.S. Fortune 500 companies, five branches of the U.S. military, and the Departments of Defense, State and Justice, as well as the office of the president.
In Thursday's alert, CISA said that SolarWinds products were not the only way cyberattackers were able to access the agencies and warned that organizations with suspected compromises must be "highly conscious of operational security."
"Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security and is willing to expend significant resources to maintain covert presence," CISA said.
Thursday's alert did not include specific details on the origin of the attack, though the Russian intelligence service, SVR, is believed to be behind them. Russian officials, however, have denied involvement.
Shortly after the CISA alert, President-elect Joe Biden issued a statement saying that his administration will make cybersecurity a top priority and work to "disrupt and deter our adversaries" from launching cyberattacks.
"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners," Biden said. "Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation."
