The Latest Cyber Attack Exposed What A Dangerous Mess DOE Is

Even before the latest cyber breach, the Department of Energy and the National Nuclear Security Administration embodied massive federal dysfunction.

Michigan says elections department does not use compromised SolarWinds Orion software



As multiple U.S. federal agencies report breaches by hackers who used compromised software manufactured by IT company SolarWinds to infiltrate government computer networks, the state of Michigan says that so far there is "no indication" that the state network was affected.

Michigan, a key battleground state in the 2020 presidential election, has been the focus of multiple allegations of voter fraud and election irregularities made by lawyers for President Donald Trump's campaign and others. When reports emerged earlier this week that a "highly-sophisticated, targeted and manual supply chain attack by a nation state" compromised SolarWinds' Orion suite of network management software, rampant speculation immediately began as to whether the cyberattack somehow influenced the 2020 U.S. presidential election in Michigan and elsewhere.

SolarWinds supplies its software to multiple government clients as well as private-sector customers. Rumors initially swirled that Dominion Voting Systems, the voting machine manufacturer at the center of allegations of election tampering made by President Donald Trump and his allies, used SolarWinds products, and questions were raised about whether voting machines were hacked before the election.

Reporting by the Wall Street Journal's Alexa Corse and others clarified that while Dominion does in fact use SolarWinds' Serv-U product, the company does not use the compromised Orion product line. Following these reports, independent journalist Kyle Becker obtained a copy of a document from the state of Michigan's Department of Technology, Management, and Budget (DTMB) that said the state of Michigan used SolarWinds Orion products.

> MICHIGAN. 🚨 Today, Dominion's CEO denied that the company had ever had any business with Orion SolarWinds, the tech… https://t.co/ssZ42koSao
> — Kyle Becker (@Kyle Becker), December 16, 2020

Caleb Buhs, a spokesman for the DTMB, confirmed to TheBlaze that Michigan uses SolarWinds Orion IT tools and that the state is investigating whether its networks were compromised in the cyberattack, as the Cybersecurity and Infrastructure Security Agency (CISA) recommended.

"Upon notification of the SolarWinds – Orion compromise, the state of Michigan started a forensic investigation of the state network in accordance with the recommended steps outlined by the U.S. Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA)," Buhs told TheBlaze.

"To date, there is no indication that the SolarWinds – Orion compromise was activated within the state network," he said.

"To protect the state environment, DTMB continues to monitor the environment and will follow any additional steps that may be recommended by CISA as more information is released," Buhs added.

The spokesman also said that the Michigan Department of State, Bureau of Elections systems do not use the SolarWinds Orion software.

Multiple federal agencies, including the U.S. Treasury and Commerce Departments, the Department of Energy, and the National Nuclear Security Administration, have reported breaches in what officials say was a widespread cyberattack suspected to have been conducted by foreign actors.

Cybersecurity firm FireEye in a blog post stated that hackers gained access to numerous public and private organizations through trojanized updates to SolarWinds' Orion software. According to cybersecurity reporter Brian Krebs, the cyberattack could have affected as many as 18,000 SolarWinds customers.

The full extent of the cybersecurity compromise could remain unknown for some time as federal and state authorities conduct their investigations.

Report: U.S. agencies responsible for nuclear arsenal targeted in SolarWinds cyberattack



A new report reveals that hackers were able to infiltrate the U.S. Department of Energy and the National Nuclear Security Administration, which oversees the U.S. nuclear weapons arsenal. The cyberattack against the DOE and NNSA is part of a larger espionage operation that has affected at least half a dozen federal agencies, Politico's Natasha Bertrand reports.

The Energy Department's chief information officer, Rocky Campione, briefed the departments about the attacks on Thursday, and both agencies are now coordinating to brief members of Congress on the status of their network security.

The full extent of the cyberattack may not be known "for weeks," officials said.

From Politico:

They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation and the Richland Field Office of the DOE. The hackers have been able to do more damage at FERC than the other agencies, the officials said, but did not elaborate.

Federal investigators have been combing through networks in recent days to determine what hackers had been able to access and/or steal, and officials at DOE still don't know whether the attackers were able to access anything, the people said, noting that the investigation is ongoing and they may not know the full extent of the damage "for weeks."

Spokespeople for DOE did not immediately respond to requests for comment.

The Sandia and Los Alamos National Labs conduct atomic research related to the development of nuclear power and nuclear weapons. The Office of Secure Transportation is responsible for moving enriched uranium and other materials needed to maintain the nuclear stockpile, Politico reports. As for the attack on the Federal Energy Regulatory Commission, Politico's report speculates that it was targeted to gain information that may help malicious actors find vulnerabilities in the nation's bulk electric grid.

The report emphasizes how seriously United States national security is threatened by foreign hackers who were able to infiltrate U.S. government computer systems by compromising software from IT company SolarWinds, which has hundreds of government and private-sector clients.

In a joint statement released Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) confirmed the existence of a "significant and ongoing cybersecurity campaign."

"This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," the statement read.

In response to the threat, the FBI has launched investigations to "attribute, pursue, and disrupt the responsible threat actors," and CISA issued an emergency directive ordering federal civilian agencies to immediately shut down affected SolarWinds Orion products in their networks.

The ODNI is coordinating a response from the U.S. Intelligence Community to share information across the United States government.

Former Trump adviser: Russia could have 'access' to hacked gov't networks for years with power to 'destroy or alter data'



A former homeland security adviser to President Donald Trump is warning that Russia may well have "persistent access" to hacked U.S. government networks for years to come with power to "destroy or alter data" after communications at several U.S. agencies were reportedly compromised.

Tom Bossert, who also served as deputy homeland security adviser to President George W. Bush, claimed in a New York Times op-ed on Wednesday that "the Russians have had access to a considerable number of important and sensitive networks for six to nine months."

Earlier this week, IT company SolarWinds announced that one of its network management products had been compromised in a "highly-sophisticated, targeted and manual supply chain attack by a nation state." Shortly after, reports surfaced indicating that experts believed hackers working for the Russian government were responsible.

The Cybersecurity and Infrastructure Security Agency issued an emergency directive ordering agencies to "review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately."

The hack began as early as March, when malicious code was slipped into an update for the popular software used by many businesses and government agencies. Essentially, any organization that installed the update may have been breached, allowing the hackers to see communications and steal information. The hack went undetected for months and was only discovered after prominent cybersecurity firm FireEye determined that it had itself been compromised, the Associated Press reported.

"While the Russians did not have the time to gain complete control over every network they hacked, they most certainly did gain it over hundreds of them," Bossert wrote. "It will take years to know for certain which networks the Russians control and which ones they just occupy."

"The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated," he continued, noting how both actual and perceived control of so many networks could undermine public trust in communications and data services.

"In the networks that the Russians control, they have the power to destroy or alter data, and impersonate legitimate people," he added. "Domestic and geopolitical tensions could escalate quite easily if they use their access for malign influence and misinformation — both hallmarks of Russian behavior."

According to Reuters, communications at the U.S. Treasury and Commerce Departments were breached. Several other federal agencies, including the State Department, Department of Homeland Security, National Institutes of Health, and even the Pentagon may have been compromised, as well.

There may be some good news, though. GeekWire reported Wednesday that cybersecurity experts at Microsoft have been taking dramatic steps over the last few days to "obliterate the actions" of the hackers.