2020 United States federal government data breach

Date:
  • Before October 2019 (start of supply chain compromise)[8]
  • March 2020 (possible federal breach start date)[9][10]
  • December 13, 2020 (breach acknowledged)[9][10]
Duration: At least 8[11] or 9 months[12]
Location: United States, United Kingdom, Spain, Israel, United Arab Emirates, Canada, Mexico, others[13]
Type: Cyberattack, data breach
Theme: Malware, backdoor, advanced persistent threat, espionage
Cause:
Target: U.S. federal government, state and local governments, and private sector
First reporter:
Suspects:

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally, including multiple parts of the United States federal government, leading to a series of data breaches.[1][28][29] The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) during which the hackers had access.[35] Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches.[1][36][37] Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.[36]

The attack, which had gone undetected for months, was first publicly reported on December 13, 2020,[25][26] and was initially only known to have affected the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce.[42] In the following days, more departments and private organizations reported breaches.[1][5][36]

The cyberattack that led to the breaches began no later than March 2020.[9][10] The attackers exploited software or credentials from at least three U.S. firms: Microsoft, SolarWinds, and VMware.[43][21] A supply chain attack on Microsoft cloud services provided one way for the attackers to breach their victims, depending upon whether the victims had bought those services through a reseller.[16][17][18] A supply chain attack on SolarWinds's Orion software, widely used in government and industry, provided another avenue, if the victim used that software.[12][44] Flaws in Microsoft and VMware products allowed the attackers to access emails and other documents,[23][24][14][15] and to perform federated authentication across victim resources via single sign-on infrastructure.[21][45][46]

In addition to the theft of data, the attack caused costly inconvenience to tens of thousands of SolarWinds customers, who had to check whether they had been breached, and had to take systems offline and begin months-long decontamination procedures as a precaution.[47][48] U.S. Senator Richard J. Durbin described the cyberattack as tantamount to a declaration of war.[49][4] President Donald Trump was silent for several days after the attack was publicly disclosed. He suggested that China, not Russia, might have been responsible for it, and that "everything is well under control".[50][51][52]

  1. Sanger, David E.; Perlroth, Nicole; Schmitt, Eric (December 15, 2020). "Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit". The New York Times. Archived from the original on December 18, 2020. Retrieved December 15, 2020.
  2. Named reference wsj-2021-01-14 (citation details not included on this page).
  3. Named reference bloomberg-2020-12-17 (citation details not included on this page).
  4. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (December 16, 2020). "Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack". The New York Times. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  5. Stubbs, Jack; Satter, Raphael; Menn, Joseph (December 15, 2020). "U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack". Reuters. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  6. Named reference cnn-2020-12-16 (citation details not included on this page).
  7. Named reference ars-2021-01-07 (citation details not included on this page).
  8. Kovacs, Eduard (December 18, 2020). "SolarWinds Likely Hacked at Least One Year Before Breach Discovery". SecurityWeek.com. Archived from the original on February 18, 2021. Retrieved December 18, 2020.
  9. Named reference reuters (citation details not included on this page).
  10. Named reference chron (citation details not included on this page).
  11. "SolarWinds Orion: More US government agencies hacked". BBC. December 15, 2020. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  12. Named reference wapo-2020-12-14-classic (citation details not included on this page).
  13. Cook, James (December 18, 2020). "Microsoft warns UK companies were targeted by SolarWinds hackers". The Telegraph. Archived from the original on April 19, 2021. Retrieved December 21, 2020.
  14. Named reference sw-2020-12-15 (citation details not included on this page).
  15. Named reference at-2020-12-15 (citation details not included on this page).
  16. Nakashima, Ellen (December 24, 2020). "Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk". The Washington Post. Archived from the original on December 8, 2022. Retrieved March 24, 2023.
  17. Menn, Joseph; Satter, Raphael (December 24, 2020). "Suspected Russian hackers used Microsoft vendors to breach customers". Reuters. Archived from the original on March 24, 2021. Retrieved December 25, 2020.
  18. Perlroth, Nicole (December 25, 2020). "Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks". The New York Times. Archived from the original on May 31, 2021. Retrieved December 25, 2020.
  19. Named reference zdnet (citation details not included on this page).
  20. Named reference di-2020-12-16 (citation details not included on this page).
  21. "VMware Flaw a Vector in SolarWinds Breach?". Krebs on Security. December 7, 2020. Archived from the original on March 11, 2021. Retrieved December 18, 2020.
  22. Named reference bloomberg-2020-12-18-vmware (citation details not included on this page).
  23. Named reference intercept-2020-12-17 (citation details not included on this page).
  24. Named reference cs-2020-09-21 (citation details not included on this page).
  25. Named reference reuters-initial (citation details not included on this page).
  26. Named reference wapo (citation details not included on this page).
  27. Named reference nbc (citation details not included on this page).
  28. "US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo". BBC. December 19, 2020. Archived from the original on May 27, 2021. Retrieved December 19, 2020.
  29. Kantchev, Georgi; Strobel, Warren P. (January 2, 2021). "How Russia's 'Info Warrior' Hackers Let Kremlin Play Geopolitics on the Cheap". Wall Street Journal. ISSN 0099-9660. ProQuest 2474544289. Archived from the original on January 8, 2021. Retrieved January 5, 2021.
  30. Bossert, Thomas P. (December 17, 2020). "Opinion | I Was the Homeland Security Adviser to Trump. We're Being Hacked". The New York Times. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  31. Sebenius, Alyza; Mehrotra, Kartikay; Riley, Michael (December 14, 2020). "U.S. Agencies Exposed in Attack by Suspected Russian Hackers". Bloomberg.com. Bloomberg L.P. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  32. Fox, Ben (December 17, 2020). "Cyber attack may be 'worst hacking case in the history of America'". Las Vegas Review-Journal. Associated Press. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  33. Riotta, Chris (December 17, 2020). "US under major active cyberattack from Russia, Trump's former security adviser warns". The Independent. New York. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  34. Paul, Kari; Beckett, Lois (December 18, 2020). "What we know – and still don't – about the worst-ever US government cyber-attack". The Guardian. Archived from the original on December 20, 2020. Retrieved December 20, 2020.
  35. See [30], [31], [32], [33], [34].
  36. Gallagher, Ryan; Donaldson, Kitty (December 14, 2020). "U.K. Government, NATO Join U.S. in Monitoring Risk From Hack". Bloomberg.com. Bloomberg L.P. Archived from the original on December 15, 2020. Retrieved December 16, 2020.
  37. Turton, William (December 19, 2020). "At Least 200 Victims Identified in Suspected Russian Hacking". Bloomberg. Archived from the original on April 6, 2021. Retrieved December 20, 2020.
  38. Macias, Amanda (December 13, 2020). "White House acknowledges reports of cyberattack on U.S. Treasury by foreign government". CNBC. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  39. Sanger, David E. (December 13, 2020). "Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect". The New York Times. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  40. Rosenberg, Adam (December 13, 2020). "Russian government-backed hackers breached the U.S. Treasury, Commerce departments". Mashable. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  41. Wade, Peter (December 13, 2020). "Treasury, Commerce, Other Agencies Hacked by Russian Government Spies, Report Says". Rolling Stone. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  42. See [26], [38], [39], [40], [41].
  43. Menn, Joseph (December 18, 2020). "Microsoft says it found malicious software in its systems". Reuters. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  44. Wolff, Josephine (December 16, 2020). "What We Do and Don't Know About the Massive Federal Government Hack". Slate. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  45. Cimpanu, Catalin (December 18, 2020). "NSA warns of federated login abuse for local-to-cloud attacks". Zero Day. Ziff-Davis. Archived from the original on February 9, 2021. Retrieved December 19, 2020.
  46. Named reference reuters-2020-12-22 (citation details not included on this page).
  47. Porter, Tom (December 17, 2020). "It could take years to evict Russia from the US networks it hacked, leaving it free to destroy or tamper with data, ex-White House official warns". Business Insider. Archived from the original on August 8, 2022. Retrieved March 24, 2023.
  48. Named reference sc-2020-12-15 (citation details not included on this page).
  49. Gould, Joe (December 17, 2020). "No. 2 Senate Democrat decries alleged Russian hack as 'virtual invasion'". Defense News. Archived from the original on January 31, 2021. Retrieved December 21, 2020.
  50. Named reference hill-2020-12-19 (citation details not included on this page).
  51. Colvin, Jill; Lee, Matthew (December 19, 2020). "Trump downplays Russia in first comments on hacking campaign". Associated Press. Archived from the original on February 23, 2021. Retrieved December 20, 2020.
  52. Named reference cnn-2020-12-19 (citation details not included on this page).