Apparently not content with having penetrated the networks of such piddling federal agencies as the U.S. State Department, the Department of Homeland Security, and that agency that maintains our nuclear stockpile, the hackers of the SolarWinds affair also went after NASA and the Federal Aviation Administration, according to a new report from the Washington Post.
The report comes shortly after a briefing last week when White House national security adviser Anne Neuberger explained that approximately 100 different companies and a total of nine federal agencies had been successfully compromised by foreign hackers. The foreign intrusion campaign (likely Russian in origin, as officials have put it) is thought to be the largest in U.S. history.
The Neuberger update was the first official tally provided by the Biden administration on the extent to which government networks had been breached. At the time of her comments, all but two of those nine agencies had already been outed as targets (they include: the State Department, DHS, and the Departments of Energy, Justice, Commerce, Treasury, and the National Institutes of Health). Now, the Washington Post seems to have identified the stragglers. Per the paper's report:
Last week, Neuberger said the government found that computer systems at nine federal agencies were compromised. She did not name them, but The Post has confirmed the identities with U.S. officials. They include NASA and the Federal Aviation Administration, which have not previously been publicly identified.
It is unknown what kind of access the hackers may have had to either agency. However, officials have said that, in instances where the government was breached, all data that was stolen was unclassified and that operational systems were never accessed. NASA reportedly told the newspaper that they continue to work with the U.S. cyber agency CISA on mitigation efforts to secure NASA's data and network. We have reached out to both NASA and the FAA for comment and will update if they respond.
The revelations add little to the overall SolarWinds narrative, but underline the scope of the intel-gathering operations conducted against American targets by foreign operators. They also conjure speculation about the potential damage a more nefarious cyber campaign might wreak. Indeed, it's not exactly comforting to imagine hackers targeting the federal agency charged with making sure airplanes don't crash.
Details about the breaches have continued to emerge at a steady pace, as federal investigations into the intrusions pick up. Since the U.S. has tentatively blamed Russia for the attacks (some reports have shown China may also be involved), the Biden administration is reportedly preparing sanctions in retaliation.
On Tuesday, the U.S. Senate Select Committee on Intelligence held one of several recent hearings into the matter, with representatives from many of the IT firms targeted by the campaign (including SolarWinds, Microsoft, FireEye and CrowdStrike). The hearing yielded little new information but Committee Chairman Sen. Mark Warner perhaps best summed up the overall concerns on SolarWinds like so:
One of the reasons the SolarWinds hack has been especially concerning is that it was not detected by the multibillion dollar U.S. government cybersecurity enterprise, or anyone else, until the private cybersecurity firm FireEye publicly announced that it had detected a breach of its own network by a nation-state intruder. A very big question looming in my mind is: had FireEye not detected this compromise in December would we still be in the dark today?
It's a good point. How did America's national security state miss this one? Why were the hackers allowed to gain as much ground as they did? We will likely have to sit tight for that one. Officials have said it will probably take months to conduct a full investigation.