US officials did not detect the attack until recent weeks, and then only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defences.
About 18,000 private and government users downloaded a Russian-tainted software update — a Trojan horse of sorts — that gave the hackers a foothold into victims’ systems, according to SolarWinds, the company whose software was compromised. The hack began as early as March.
Among those who use SolarWinds software are the Centers for Disease Control and Prevention, the state department, the justice department and parts of the Pentagon. Los Alamos National Laboratory, where nuclear weapons are designed, also uses SolarWinds products to monitor its networks. So do major defence contractors like Boeing, which declined on Monday to discuss the attack. The department of homeland security issued an obfuscating official statement: “The department is aware of reports of a breach. We are currently investigating the matter.”
Parts of the Pentagon were also affected. “The DOD is aware of the reports and is currently assessing the impact,” said Russell Goemaere, a Pentagon spokesperson. A state department spokesperson declined to comment. The early assessments of the intrusions — believed to be the work of Russia’s SVR, a successor to the KGB — suggest that the hackers were highly selective about which victims they exploited for further access and data theft. NYT