'Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile .. The attack on DOE is the clearest sign yet that the hackers were able to access the networks belonging to a core part of the U.S. national security enterprise.
..
NNSA is responsible for managing the nation's nuclear weapons, and while it gets the least attention, it takes up the vast majority of DOE's budget. Similarly, the Sandia and Los Alamos National Labs conduct atomic research related to both civil nuclear power and nuclear weapons. The Office of Secure Transportation is tasked with moving enriched uranium and other materials critical for maintaining the nuclear stockpile.
..
The attack on the Federal Energy Regulatory Commission may have been an effort to disrupt the nation's bulk electric grid. FERC doesn't directly manage any power flows, but it does store sensitive data on the grid that could be used to identify the most disruptive locations for future attacks.'
- Politico,
Nuclear weapons agency breached amid massive cyber onslaught, December 17, 2020
'..the federal government would do well to assume that its computer systems are still being actively infiltrated and not imagine that, simply having discovered this breach, they are anywhere close to reaching the end of it.''This means that the set of potential victims is not just (just!) the 18,000 SolarWinds customers who may have downloaded the compromised updates, but also all of those 18,000 organizations’ customers, and potentially the clients of those second-order organizations as well—and so on. So when I say the SolarWinds cyberespionage campaign will last years, I don’t just mean, as I usually do, that figuring out liability and settling costs and carrying out investigations will take years (though that is certainly true here). The actual, active theft of information from protected networks due to this breach will last years.
..
So the access that the intruders had using the SolarWinds updates goes far beyond the access granted by many initial cyberespionage compromises, and the number of potential targets is enormous—and only growing every time we learn about the ways that each of those targets may have been leveraged to access new victims. As we continue to unravel all the different strands of this compromise, the federal government would do well to assume that its computer systems are still being actively infiltrated and not imagine that, simply having discovered this breach, they are anywhere close to reaching the end of it.'
The SolarWinds Hack Is Unlike Anything We Have Ever Seen Before, December 18, 2020
'..President-elect Joe Biden issued a statement Thursday that he will work to punish those responsible for the attack and make cybersecurity "imperative". '
-
Russian hack against the U.S. government ‘will take years to overcome,’ former national intelligence official says, December 17, 2020
'(Bloomberg) -- The U.S. nuclear weapons agency and at least three states were hacked as part of a suspected Russian cyber-attack that struck a number of federal government agencies, according to people with knowledge of the matter, indicating widening reach of one of the biggest cybersecurity breaches in recent memory.'
-
Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed, December 18, 2020
'The supply chain attack used to breach federal agencies and at least one private company poses a “grave risk” to the United States, in part because the attackers likely used means other than just the SolarWinds backdoor to penetrate networks of interest, federal officials said on Thursday. One of those networks belongs to the National Nuclear Security Administration, which is responsible for the Los Alamos and Sandia labs, according to a report from
Politico.'
-
SolarWinds hack that breached gov networks poses a “grave risk” to the nation, December 17, 2020
ContextMicrosoft head calls SolarWinds hack 'act of recklessness': What you need to know, December 18, 2020
(SolarWinds hack) - 'Put simply, we need a more effective national and global strategy to protect against cyberattacks.'