18 December 20, 15:07
Quote:The Energy Department and its National Nuclear Security Administration (NNSA), which is the agency that maintains the U.S. nuclear stockpile, have been compromised as part of the widespread cyberattack uncovered this week stemming from the massive SolarWinds hack.
An exclusive report by Politico cited DoE official sources who said that their department was infiltrated by the cyberattackers, including hits on the NNSA; the Federal Energy Regulatory Commission (FERC) which has oversight for the entire department; the Sandia and Los Alamos national laboratories in Washington and New Mexico; and the Richland Field Office of the DOE.
NBC News on Thursday evening said that it had confirmed the report.
The sources also said that not only was the DoE caught up in the espionage portion of the campaign, but that the attackers have been able to do “more damage at FERC than the other agencies,” and that they have evidence of “highly malicious activity” aimed there, the officials said. They offered no other details.
DOE and NNSA officials have begun the notification process for their congressional oversight bodies, sources added.
With the DoE, the number of government divisions known to be impacted comes to six; that includes the Pentagon, the Department of Homeland Security, the National Institute of Health, the Department of Treasury and the Department of Commerce.
The Cybersecurity and Infrastructure Security Agency (CISA) warned earlier on Thursday that the already sprawling cyberattack could be much larger than originally thought. The known attack vector for the incident is SolarWinds’ Orion network management platform, whose users were infected by a stealth backdoor that opened the way for lateral movement to other parts of the network. It was pushed out via trojanized product updates to almost 18,000 organizations around the globe.
Now, it appears that SolarWinds may not be alone in its attack-vector role in the campaign. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” it said in an updated bulletin on Thursday.
Read more: https://threatpost.com/nuclear-weapons-a...ck/162387/