Washington, Dec. 18, (dpa/GNA) – US government agencies and critical infrastructure entities have been compromised by hackers since “at least March,” the Cybersecurity and Infrastructure Security Agency (CISA), part of the Department of Homeland Security, confirmed Thursday.
The hackers have “demonstrated patience, operational security, and complex tradecraft in these intrusions,” CISA said in a statement, released four days after it ordered government agencies to disconnect their devices from the software SolarWinds, which was believed to be compromised.
The SolarWinds software is used by many government agencies and private businesses. Investigators are still working to ascertain the extent of the hack and what information has been compromised.
The hack was first reported by the US cybersecurity firm FireEye, which informed US intelligence agencies about a major security breach that appeared to be perpetrated by a state actor and that targeted “government customers.”
Security experts widely believe that Russia-backed hackers were behind these hacks.
In a statement on Facebook released Sunday, the Russian embassy in Washington denied that Moscow was involved in the hack, arguing that “Russia does not conduct offensive operations in the cyber domain.”
The US House of Representatives’ Intelligence Committee confirmed Wednesday that it had been briefed by US intelligence agencies about the breach.
“The seriousness and duration of this attack demonstrate that we still have enormous and urgent work to do to defend our critical information and networks, that we must move quicker than our adversaries do to adapt,” Congressman Adam Schiff, the committee’s chairman, said in a statement.
GNA