At least three state governments were compromised in a widespread hacking operation that’s also swept up much of the federal government and that U.S. authorities believe is the work of Russian government-backed actors.
At least three state governments were compromised in a widespread hacking operation that’s also swept up much of the federal government and that U.S. authorities believe is the work of Russian government-backed actors, it was reported Thursday.
According to Bloomberg News, three state governments joined several federal agencies — including the departments of Treasury, Commerce, Homeland Security and Energy — where hackers were able to access systems by exploiting network monitoring software from SolarWinds. The report did not identify the compromised state governments. Officials have pinned the operation, which was first reported Sunday, on a hacking group known alternatively as APT29 or Cozy Bear, which is linked to the SVR, the Kremlin’s foreign intelligence bureau.
While SolarWinds — which has said as many as 18,000 of its customers worldwide may have been subjected to malicious code injected into its supply chain — is a prominent federal IT contractor, several states are known to use its products as well.
State and local governments are not often targets of government-backed hackers like APT29, but states should move quickly to take steps to react to the SolarWinds operation if affected, said John Evans, a former chief information security officer for the State of Maryland.
“You want to see if you’re one of those 18,000 customers that received the malware passed through it,” said Evans, now the chief technology adviser with IT services provider World Wide Technology. “You want to fix it as soon as possible, get all the patches.”
Evans recommended that government cybersecurity officials do manual searches for indicators of compromise — the CISA alert lists several dozen — as well as any unusual lateral movement across networks.