U.S. Department of Energy Hit with Massive Cyberattack; Nuclear Weapons Agency Hacked
The United States Energy Department and the NNSA (National Nuclear Security Agency) have been compromised as part of a widespread cyberattack uncovered earlier this week originating from the massive hack on SolarWinds. According to a report published by Politico, which cited multiple DoE sources, the threat actors infiltrated the department, with the NNSA, the FERC (Federal Energy Regulatory Commission), the Sandia and Los Alamos national laboratories in Washington and New Mexico, and the Richland Field Office of the DoE all under attack by the same actors.
Offering few details, the sources behind the Politico report also claimed that the attackers may have been able to do “more damage at FERC than” any of the other agencies and that there is evidence of “highly malicious activity” aimed there. The DoE and NNSA have both begun the notification process for their respective congressional oversight committees.
With the DoE, the number of government divisions known to be impacted comes to six; that includes the Pentagon, the Department of Homeland Security, the National Institute of Health, the Department of Treasury and the Department of Commerce.
The Cybersecurity and Infrastructure Security Agency (CISA) warned earlier on Thursday that the already sprawling cyberattack could be much larger than originally thought. The known attack vector for the incident is SolarWinds’ Orion network management platform, whose users were infected by a stealthy backdoor that opened the way for lateral movement to other parts of the network. The backdoor was pushed out via trojanized product updates to almost 18,000 organizations around the globe.
It now appears that SolarWinds may not have been the only attack vector in this ongoing campaign, as CISA “has evidence of additional initial access vectors, other than the SolarWinds Orion platform.”
While the full extent of the attack is still unknown, as are those responsible for the attack, researchers and lawmakers both agree that due to the level of sophistication exhibited during the attack, it is likely that Russian Intelligence may have been responsible. The U.S. government has not made an official attribution though.