British cyber spies probe major Russian hack that caused chaos in US

British cyber spies are today urgently investigating a major suspected Russian hack that has caused chaos in the US amid fears UK government departments, police forces and private companies could be affected.

The sprawling attack is being called the biggest breach in American history and a ‘grave threat’ to the US government, after hackers got into networks used by the Pentagon, FBI, Treasury, State Department and nuclear security agencies.

Today, the UK Cyber Security Agency said it was investigating the incident, which saw attackers – thought to be working for the Kremlin – get into computer networks by hiding malicious code in a software update from US tech firm SolarWinds.

The UK Government is refusing to say if any departments or civil authorities have been hit, but publicly-available documents show that the affected product, SolarWinds’ Orion platform, has been used by the Home Office and Leicestershire Police.

SolarWinds clients also include large parts of the NHS, the Ministry of Defence, Cabinet Office, Ministry of Justice, GCHQ and the Civil Aviation Authority. But it is not clear if any of these bodies used the Orion update or if they have been affected.

Microsoft has also been hit, and today it identified 40 clients that had been exposed, including some in the UK. Reports say most of America’s 500 largest companies have been targeted, but the impact on Britain’s private sector is not yet clear.

Today, Britain’s Cyber Security Agency said it was investigating the hack, which used a Trojan horse hidden in a software update from network management firm SolarWinds.

How hackers used legitimate software to carry out breach

The US Cybersecurity and Infrastructure Security Agency has released an alert detailing what it knows about the breach.

CISA says that hackers were able to compromise the supply chain of network management software from SolarWinds, specifically recent versions of the SolarWinds Orion products.

Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.

The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.

Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.

The initial contact domain would often direct the malware to a new internet protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target’s home country to make detection of the traffic more difficult.

‘Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,’ CISA said in the alert.
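The rotating command-and-control addresses described in the box above suggest one defensive check. The following is an added example, not code from the article, CISA or SolarWinds: it scans constructed DNS resolver log lines from hosts that run the network-management software and flags any domain, outside a small vendor allowlist, that resolves to several different addresses within a short window. All hostnames, domains and IP addresses are invented placeholders.

```python
from collections import defaultdict
from datetime import datetime

# Constructed resolver log (timestamp host queried_domain answer_ip); not real data.
SAMPLE_LOG = """\
2020-12-01T08:00:01 orion-srv-01 updates.vendor.invalid 203.0.113.10
2020-12-01T08:05:12 orion-srv-01 updates.vendor.invalid 203.0.113.10
2020-12-01T08:10:44 orion-srv-01 abc123.lookup.example-c2.invalid 198.51.100.7
2020-12-01T08:41:03 orion-srv-01 abc123.lookup.example-c2.invalid 198.51.100.23
2020-12-01T09:12:51 orion-srv-01 abc123.lookup.example-c2.invalid 198.51.100.61
2020-12-01T09:44:19 orion-srv-01 abc123.lookup.example-c2.invalid 198.51.100.88
2020-12-01T08:20:00 workstation-07 www.example-news.invalid 192.0.2.44
"""

# Hypothetical allowlist of domains the management software legitimately contacts.
VENDOR_ALLOWLIST = {"updates.vendor.invalid"}


def parse_log(text):
    """Turn each log line into (timestamp, host, domain, ip)."""
    records = []
    for line in text.splitlines():
        ts, host, domain, ip = line.split()
        records.append((datetime.fromisoformat(ts), host, domain, ip))
    return records


def find_rotating_contacts(records, monitored_hosts, min_distinct_ips=3, window_hours=4.0):
    """Flag (host, domain) pairs whose answers rotate across many IPs quickly.

    Only hosts in monitored_hosts (e.g. servers running the management
    software) are considered, and allowlisted vendor domains are ignored.
    """
    ips_seen = defaultdict(set)   # (host, domain) -> distinct answer IPs
    first_seen, last_seen = {}, {}
    for ts, host, domain, ip in records:
        if host not in monitored_hosts or domain in VENDOR_ALLOWLIST:
            continue
        key = (host, domain)
        ips_seen[key].add(ip)
        first_seen[key] = min(first_seen.get(key, ts), ts)
        last_seen[key] = max(last_seen.get(key, ts), ts)
    alerts = []
    for (host, domain), ips in ips_seen.items():
        span_h = (last_seen[(host, domain)] - first_seen[(host, domain)]).total_seconds() / 3600
        if len(ips) >= min_distinct_ips and span_h <= window_hours:
            alerts.append({"host": host, "domain": domain,
                           "distinct_ips": len(ips), "span_hours": round(span_h, 2)})
    return alerts
```

Running `find_rotating_contacts(parse_log(SAMPLE_LOG), {"orion-srv-01"})` on the constructed log yields a single alert for the invented lookup domain; the threshold and window are starting points to tune against a real environment's baseline.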

Officials in the US say the attack went undetected for nearly nine months, allowing the hackers free rein in the affected networks, including at the Pentagon, FBI, Treasury, State Department and nuclear security agencies, and that the true scale of the stolen information may never be known.

‘There will be a price to pay for this,’ vowed Dick Durbin, an Illinois Democrat, in a speech in the US Senate today.

‘This is nothing short of a virtual invasion by the Russians into critical accounts of the federal government.’

‘When adversaries such as Russia torment us, tempt us, breach the security of our nation, we need to respond in kind,’ said Durbin, though noting he was not calling for ‘all-out war’.

President-elect Joe Biden also vowed a tough response, saying in a statement: ‘Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.’

Biden vowed to ‘disrupt and deter’ future cyber attacks by ‘imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.’

The White House has not yet commented on the breach. The attack, if authorities can prove it was carried out by Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.

Officially, the US Cybersecurity and Infrastructure Security Agency has not publicly identified Russia as the source of the attack, and Russia denies involvement. But private security companies say that all signs point to the Kremlin.

Asked whether Russia was behind the attack, a US official said: ‘We believe so. We haven’t said that publicly yet because it isn’t 100 percent confirmed.’

CISA warned the sophisticated attack was hard to detect and will be difficult to undo. ‘This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,’ the agency said in a flash bulletin.

The agency said that the intrusion, which it dubbed SUNBURST, posed a ‘grave risk’ to ‘critical infrastructure’ in both the public and private sector, and at all levels of government.

US president-elect Joe Biden also vowed a tough response, saying in a statement: ‘Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults’

In a statement to DailyMail.com on Thursday, a Microsoft spokesperson confirmed that the company had detected and removed malicious code from the SolarWinds attack within the company, but denied that any of its products were affected.

Microsoft is one of the world’s largest technology companies, with clients across the public and private sector, and last year was awarded the $10 billion JEDI contract to run the Department of Defense’s cloud computing system.

‘We have not found evidence of access to production services or customer data. Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,’ the spokesperson said.

In addition, the two agencies responsible for maintaining America’s nuclear weapons stockpile have evidence they were compromised in the attack, which also breached the Pentagon, FBI, Treasury and State Department.

‘This is looking like it’s the worst hacking case in the history of America,’ one US official said on condition of anonymity. ‘They got into everything.’

A UK National Cyber Security Centre spokesman said: ‘We are continuing to investigate this incident and have produced guidance for SolarWinds’ Orion suite customers.

‘While it is important to note this issue has only been reported for the Orion product suite and will therefore not impact all SolarWinds customers, we strongly urge those who are affected to follow our guidance.’

Dmitry Peskov, a Kremlin spokesman, said in response to allegations of Russian involvement: ‘Once again, I can reject these accusations and once again I want to remind you that it was President [Vladimir] Putin who proposed that the American side agree and conclude agreements [with Russia] on cyber security.’

MailOnline has contacted SolarWinds for comment.

Microsoft was breached in the massive suspected Russian campaign that has hit multiple US government agencies, according to people familiar with the matter