Massive US cyberattack discovered after suspicious login
FireEye, the US cybersecurity company that discovered the massive cyberattack on numerous US government agencies and companies after being hacked, initially investigated after a suspicious login, news site Politico reports.
The hackers would have gained access to the FireEye network by allowing an employee to log onto a fake page and thus steal his login details, which would have entrusted representatives of FireEye to parliamentarians.
Foreign hackers, allegedly affiliated with the Russian security forces, have been able to access the networks of multiple US ministries, government agencies, and companies for months, it came out this week.
FireEye tipped off the government after it discovered a back door in the software of supplier SolarWinds, of which the American government was also a customer, during an investigation into a hack at its own company.
Asked about the embarrassing story that a worker would have been led around by the hackers, FireEye denied that lecture. Managers said that FireEye discovered the break-in when the hackers wanted to log into the company network with a new device. The spokesperson for the cybersecurity company reiterated that the backdoor in the SolarWinds software was the direct cause of the cyber attack on FireEye.
Attack “significant and ongoing”
The cyberattack on US government networks is “significant and ongoing,” the federal police force FBI, cybersecurity agency CISA and the national intelligence chief said in a joint statement Wednesday. The FBI says it is busy with investigations to identify the hackers, track down and disrupt their activities.
In recent days, American media has reported that the Ministries of Commerce, Finance, Homeland Security, Foreign Affairs, and Defense, among others, have been hit. In addition, the hackers would also have successfully broken into the network of the National Health Institutes (NIH).
The US State Department declined to comment on Monday. The NIH did not comment either. On Wednesday, the Pentagon said it has “no evidence” that the Defense Department networks have been compromised.