This week news agencies are reporting that at least 18,000 companies and organizations in the U.S. are thought to have been hacked by a group known as Cozy Bear, or APT29.
The hacking in this country is part of a global espionage campaign that stretches back months and is being attributed by some to Russian hackers who installed malware on computer systems around the world.
Wikipedia defines malware as any software intentionally designed to cause damage to a computer, server, client or computer network.
Joe Simenstad of Aitkin provided some insights into what compromises of U.S. government agency computer systems mean for the average person in Aitkin County. Simenstad is a computer and information technology service provider in Aitkin, doing business as ICanHelp. He is also a part-time IT support staff person for the McGregor School District, ISD 4.
“The software being compromised is network monitoring software whose code base got infiltrated. The hackers then substituted other code, and because network monitoring software has broad access on networks, the hackers gained access to many government offices. The full extent of the data breach is not yet known, but it was going on for a long time before it was detected,” said Simenstad on Tuesday last week.
“While only 18,000 groups, including the departments of treasury and commerce, had downloaded the software that this update was part of, it is thought to have potentially spread to hundreds of thousands of computers. The malware could very much be everywhere,” he said. “Locally, it opens us up to all kinds of risk, but we won’t know for a very long time at a local level what confidential information was shared. This group known as Cozy Bear had actually shut down an electrical grid in Ukraine as a test, so depending on what they are doing it could affect all kinds of things.”
The other big problem, Simenstad said, is that it may not just be records that are at risk; they may have back doors into financial markets. “We have no idea yet. There is probably nothing an individual Aitkin County resident can do at the moment, but it would be a good idea for people to keep paper copies of any significant financial records and investments they might have.”
Simenstad has learned that the hackers may have had access since March, and that this was just the Trojan horse that let them in the door.
“Once they are in a system like this they can start moving laterally into other systems, based on other security information they might find.”
The intrusion was uncovered by staff at the security company FireEye, who noticed suspicious traffic, just a couple of odd things, that alerted them that something was not right. They dug into it, found compromised systems and about two weeks ago traced the compromise to its source. Affected government systems were then shut down. Tech giant Microsoft, which has helped respond to the breach, revealed last week that it had identified more than 40 government agencies, think tanks, nongovernmental organizations and IT companies infiltrated by the hackers. Microsoft notified the Treasury Department that dozens of email accounts were compromised. Google was also affected.
“So far, Apple has not reported having been affected,” said Simenstad.
“This is a really, really huge deal because it’s literally unknowable how far they have gone. The affected software is network monitoring software (made by U.S. company SolarWinds) so there are few limits to what they could have accessed,” Simenstad concluded.
The Associated Press reported on Dec. 22 that the U.S. Treasury Department was among the earliest known agencies reported to have been affected in a breach that now encompasses a broad spectrum of departments. The effects and consequences of the hack are still being assessed, though the Department of Homeland Security’s cybersecurity arm said in a statement last week that the intrusion posed a “grave” risk to government and private networks.
In Treasury's case, the breach began in July. But experts believe the overall hacking operation began months earlier when malicious code was slipped into updates to popular software that monitors computer networks of businesses and governments.
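The kind of check an administrator can run before applying a vendor update, shown here as an added example that is not part of the article, of SolarWinds' software or of any vendor's tooling: every file in a release the operator already trusts is hashed and the digests kept as a baseline, and a later update is compared against that baseline so that substituted or newly added files stand out. The file names and contents below are constructed for the example.

```python
# Added example (not from the article or any vendor's software): checking an
# update bundle against a baseline of SHA-256 digests taken from a release the
# operator already trusts, so that files substituted later stand out.
import hashlib
import hmac
from typing import Dict, List

# Constructed sample data: an earlier release the administrator installed and
# hashed, and a later update in which one file was replaced and one added.
TRUSTED_RELEASE: Dict[str, bytes] = {
    "monitor/core.dll": b"legitimate core component, version 1.0",
    "monitor/agent.exe": b"legitimate agent, version 1.0",
    "monitor/config.xml": b"<config poll='60'/>",
}

TAMPERED_UPDATE: Dict[str, bytes] = {
    "monitor/core.dll": b"legitimate core component, version 1.0 + injected code",
    "monitor/agent.exe": b"legitimate agent, version 1.0",
    "monitor/config.xml": b"<config poll='60'/>",
    "monitor/loader.dll": b"component that was never in the trusted release",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(bundle: Dict[str, bytes]) -> Dict[str, str]:
    """Digest every file in a bundle. Run this on a release you trust and keep
    the result somewhere the update channel cannot rewrite."""
    return {name: sha256_hex(data) for name, data in bundle.items()}


def verify_bundle(bundle: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare a bundle against a manifest and report every deviation.

    'tampered': present in both, but the content no longer matches.
    'missing': listed in the manifest but absent from the bundle.
    'unexpected': present in the bundle but not in the manifest.
    """
    tampered: List[str] = []
    unexpected: List[str] = []
    for name, data in bundle.items():
        expected = manifest.get(name)
        if expected is None:
            unexpected.append(name)
        elif not hmac.compare_digest(sha256_hex(data), expected):
            tampered.append(name)
    missing = [name for name in manifest if name not in bundle]
    return {
        "tampered": sorted(tampered),
        "missing": sorted(missing),
        "unexpected": sorted(unexpected),
    }


def is_clean(report: Dict[str, List[str]]) -> bool:
    return not any(report.values())


if __name__ == "__main__":
    baseline = build_manifest(TRUSTED_RELEASE)

    # Against the operator's own baseline the substituted file and the new file
    # are both flagged, so they can be inspected before the update is applied.
    print("against trusted baseline:", verify_bundle(TAMPERED_UPDATE, baseline))

    # Against digests shipped with the update itself (what a compromised build
    # pipeline would publish alongside its output), the same tampered bundle
    # verifies clean. The digest check only detects substitution after the
    # baseline was taken; it cannot vouch for code inserted before the vendor
    # produced and published the release.
    shipped = build_manifest(TAMPERED_UPDATE)
    print("against digests shipped with the update:",
          is_clean(verify_bundle(TAMPERED_UPDATE, shipped)))
```

A legitimate update changes files too, so the report is a list of what to inspect, or to compare against a second copy obtained independently of the normal update channel, rather than a verdict. The second comparison in the block is the caveat that matters for a case like the one described in the article: when the malicious code is inserted before the vendor builds and publishes the release, the digests the vendor ships match the malicious files, and a customer-side hash check against those digests finds nothing.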
The AP reported the victims have included government, consulting, technology, telecom and oil and gas companies in North America, Europe, Asia and the Middle East, according to FireEye.