Federal government finds evidence hackers used multiple methods to access agency networks
The Department of Homeland Security’s (DHS) cybersecurity agency on Thursday warned of the “grave” threat posed to federal systems by a recent massive espionage attack by a nation state, saying that the hackers used multiple methods to access the systems for months.
The Cybersecurity and Infrastructure Protection Agency (CISA) put out an alert detailing the attack on IT company SolarWinds, which is widely reported to have been carried out by a Russian military hacking group.
By exploiting a vulnerability in the company’s Orion software, the group was able to access federal networks. DHS, the Commerce, State and Treasury departments, and branches of the Pentagon are among the agencies reportedly breached, and the hackers have potentially had access to the networks since March.
The Washington Post reported Sunday that the group behind the attack is a Russian military group known as “Cozy Bear,” a prolific hacking group that previously targeted the State Department during the Obama administration and COVID-19 vaccine researchers earlier this year.
“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” the agency wrote in the alert.
CISA, which put out an emergency directive earlier this week ordering all federal agencies to disconnect from SolarWinds software, warned that the hackers involved used other methods besides the SolarWinds vulnerability to access federal systems.
“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the agency wrote.