US Nuclear Weapons Agency Breached As Part Of Massive Cyberattack: Report

by Tyler Durden
Thursday, Dec 17, 2020 - 03:39 PM

The Department of Energy and National Nuclear Security Administration - which maintains the United States' nuclear weapons stockpile - were reportedly breached as part of a massive hack that affected at least six federal agencies, according to Politico, citing officials directly familiar with the matter.

On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies. They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation and the Richland Field Office of the DOE. The hackers have been able to do more damage at FERC than at the other agencies, the officials said, but did not elaborate. -Politico

According to the report, federal investigators have been assessing networks in recent days to try and get a handle on exactly what was accessed and/or stolen. DOE officials still don't know if anything was actually accessed.

The hack was reported over the weekend - and conducted by Russian-backed hackers, according to the Washington Post - after Texas-based IT infrastructure provider SolarWinds' Orion Network Management products, used across several industries and government applications, were breached earlier in the year.

"The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said US Cybersecurity and Infrastructure Security Agency (CISA) acting director, Brandon Wales. The agency has issued an emergency directive to federal and civilian agencies to review their networks for suspicious activity and to disconnect or power down SolarWinds Orion products immediately, according to TheHackerNews.

SolarWinds' networking and security products are used by more than 300,000 customers worldwide, including Fortune 500 companies, government agencies, and education institutions.

It also serves several major US telecommunications companies, all five branches of the US Military, and other prominent government organizations such as the Pentagon, State Department, NASA, National Security Agency (NSA), Postal Service, NOAA, Department of Justice, and the Office of the President of the United States.

FireEye, which is tracking the ongoing intrusion campaign under the moniker "UNC2452," said the supply chain attack takes advantage of trojanized SolarWinds Orion business software updates in order to distribute a backdoor called SUNBURST.

"This campaign may have begun as early as Spring 2020 and is currently ongoing," FireEye said in a Sunday analysis. "Post compromise activity following this supply chain compromise has included lateral movement and data theft. The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security." -TheHackerNews

Trump will undoubtedly be pressured to sanction Russia, lest he be accused of further Putin puppetry.