British cyber spies are today urgently investigating a major suspected Russian hack that has caused chaos in the US amid fears UK government departments, police forces and private companies could be affected.
The sprawling attack is being called the biggest breach in American history and a ‘grave threat’ to the US government, after hackers got into networks used by the Pentagon, FBI, Treasury, State Department and nuclear security agencies.
Today, Britain’s Cyber Security Agency said it was investigating the hack, which used a Trojan horse hidden in a software update from network management firm SolarWinds.
The UK Government is refusing to say if any departments or public bodies have been hit, but publicly-available documents show that the infected update, called Orion, is used by the Home Office and Leicestershire Police.
SolarWinds clients also include large parts of the NHS, the Ministry of Defence, Cabinet Office, Ministry of Justice, GCHQ and the Civil Aviation Authority. But it is not clear if the departments used the Orion update, and officials will not confirm if they have been affected.
Microsoft has also been hit, and today it identified 40 clients that had been affected, including some in the UK. Reports say most of America’s 500 largest companies are affected, but the scale of the impact of Britain’s private sector is not yet clear.
Today, Britain’s Cyber Security Agency said it was investigating the hack, which used a Trojan horse hidden in a software update from network management firm SolarWinds. File photo
Officials in the US say the attack went undetected for nearly nine months, allowing the hackers free range in the affected networks, including at the Pentagon, FBI, Treasury, State Department and nuclear security agencies, and that the true scale of the stolen information may never be known.
‘There will be a price to pay for this,’ vowed Senate Minority Whip Dick Durbin, an Illinois Democrat, in a floor speech today.
‘This is nothing short of a virtual invasion by the Russians into critical accounts of the federal government.’
‘When adversaries such as Russia torment us, tempt us, breach the security of our nation, we need to respond in kind,’ said Durbin, though noting he was not calling for ‘all-out war’.
President-elect Joe Biden also vowed a tough response, saying in a statement: ‘Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.’
Biden vowed to ‘disrupt and deter’ future cyber attacks by ‘imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.’
The White House has not yet commented on the breach. The attack, if authorities can prove it was carried out by Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.
Officially, the U.S. Cybersecurity and Infrastructure Security Agency has not publicly identified Russia as the source of the attack, and Russia denies involvement. But private security companies say that all signs point to the Kremlin.
Asked whether Russia was behind the attack, a U.S. official said: ‘We believe so. We haven’t said that publicly yet because it isn’t 100 percent confirmed.’
CISA warned the sophisticated attack was hard to detect and will be difficult to undo. ‘This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,’ the agency said in a flash bulletin.
US president-elect Joe Biden also vowed a tough response, saying in a statement: ‘Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults’
The agency said that the intrusion, which it dubbed SUNBURST, posed a ‘grave risk’ to ‘critical infrastructure’ in both the public and private sector, and at all levels of government.
In a statement to DailyMail.com on Thursday, a Microsoft spokesperson confirmed that the company had detected and removed malicious code from the SolarWinds attack within the company, but denied that any of its products were affected.
Microsoft is one of the world’s largest technology companies, with clients across the public and private sector, and last year was awarded the $10 billion JEDI contract to run the Department of Defense’s cloud computing system.
‘We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,’ the spokesperson said.
As well, the two agencies responsible for maintaining America’s nuclear weapons stockpile have evidence they were compromised in the attack, which also breached the Pentagon, FBI, Treasury and State Department.
‘This is looking like it’s the worst hacking case in the history of America,’ one U.S. official said on condition of anonymity. ‘They got into everything.’
A UK National Cyber Security Centre spokesman said: ‘We are continuing to investigate this incident and have produced guidance for SolarWinds’ Orion suite customers.
‘While it is important to note this issue has only been reported for the Orion product suite and will therefore not impact all SolarWinds customers, we strongly urge those who are affected to follow our guidance.’
Dmitry Peskov, a Kremlin spokesman, said in response to allegations of Russian involvement: ‘Once again, I can reject these accusations and once again I want to remind you that it was President [Vladimir] Putin who proposed that the American side agree and conclude agreements [with Russia] on cyber security.’
Microsoft was breached in the massive suspected Russian campaign that has hit multiple US government agencies, according to people familiar with the matter