The federal Cybersecurity and Infrastructure Security Agency said Thursday that the hacking campaign that targeted the federal government is larger than what was previously known.
"One of the initial access vectors for this activity is a supply chain compromise of the following SolarWinds Orion products. CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated," CISA said in a statement on Thursday.
The agency also furthermore warned that the threat "Poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities" as well as the private sector.
CISA said that it will continue to investigate incidents that "Exhibit adversary TTPs consistent with this activity, including were victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed."
On Sunday night, CISA issued a federal government-wide directive to purge all agency networks of possibly compromised servers after finding out that the U.S. Departments of Treasury and Commerce were breached.
Other federal government agencies are also said to have been compromised.
Several senators sent a letter to FBI Director Christopher Wray asking for the "Scope and details" of the hacking-and its impact on the operations of the federal government.
Thursday, December 17, 2020
Hack of Federal Government Larger Than Previously Thought, Warns CISA
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment