华盛顿——美国政府官员周日表示,他们正在努力确定漏洞的范围并解决问题,黑客入侵了包括财政部和商务部在内的联邦机构的网络。
联邦调查局和国土安全部的网络安全部门正在调查。
就在几天前,一家大型网络安全公司披露,外国政府黑客侵入了该公司的网络,窃取了该公司自己的黑客工具。许多专家怀疑俄罗斯对FireEye的攻击负责,FireEye是一家主要的网络安全公司,其客户包括联邦、州和地方政府以及全球顶级公司。
袭击之间没有直接联系,也不清楚是否俄罗斯我还负责财政部的黑客攻击,这是路透社首次报道的。国家安全委员会发言人约翰·乌尔约特在一份声明中说,政府正在“采取一切必要措施,确定和补救与这一局势有关的任何可能的问题。”
政府的网络安全和基础设施安全局分别表示,它一直在与其他机构合作,“针对最近在政府网络上发现的活动”。CISA正在向受影响的实体提供技术援助,帮助它们确定和减轻任何潜在的损害。”
总统唐纳德·特朗普上个月解雇了CISA的董事克里斯·克雷布斯,此前克雷布斯为总统选举的公正性提供了担保,并对特朗普关于普遍选举欺诈的说法提出了质疑。
联邦政府机构长期以来一直是外国黑客的诱人目标。2014年,与俄罗斯有关联的黑客能够侵入国务院的电子邮件系统,对其进行彻底感染,以至于在专家努力消除感染的同时,不得不将其从互联网上切断。
路透社早些时候报道说,一个由外国政府支持的团体从财政部和负责决定互联网和电信政策的商务部机构窃取了信息。据报道,情报机构担心其他机构也使用类似工具遭到黑客攻击。
财政部推迟了对国家安全委员会的评论。商务部发言人证实了“我们一个局的违规行为”,并表示“我们已经要求CISA和联邦调查局进行调查。”
上周二,美国著名网络安全公司FireEye表示,具有“世界级能力”的外国政府黑客闯入其网络,窃取了其用于探查数千名客户防御的攻击工具。这些客户包括联邦政府、州政府和地方政府以及顶级跨国公司。
火眼公司首席执行官凯文·曼迪亚在一份声明中说,黑客“主要是寻找与某些政府客户相关的信息”,但没有指名道姓。他说,没有迹象表明他们从该公司的咨询或违规响应业务或收集的威胁情报数据中获得客户信息。
FireEye对索尼和Equifax的数据泄露事件做出了回应,并帮助沙特阿拉伯挫败了一次石油行业的网络攻击,并在确定俄罗斯是全球数字冲突不断发展的地狱中众多攻击的主角方面发挥了关键作用。
曼迪亚和火眼公司的发言人都没有透露公司何时发现了黑客行为或者谁应该对此负责。但网络安全界的许多人怀疑俄罗斯。
———
US investigating computer hacks of government agencies
WASHINGTON -- Hackers broke into the networks of federal agencies including the Treasury and Commerce departments as U.S. government officials said Sunday that they were working to identify the scope of the breach and to fix the problem.
The FBI and the Department of Homeland Security's cybersecurity arm are investigating.
The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company's own hacking tools. Many experts suspectRussiaas responsible for the attack against FireEye, a major cybersecurity player whose customers include federal, state and local governments and top global corporations.
There was no immediate connection between the attacks, and it wasn't immediately clear ifRussiawas also responsible for the hack of the Treasury Department, which was first reported by Reuters. National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
The government's Cybersecurity and Infrastructure Security Agency said separately that it has been working with other agencies “regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
PresidentDonald Trumplast month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.
Federal government agencies have long been attractive targets for foreign hackers. Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation.
Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding internet and telecommunications policy. Intelligence agencies are reportedly concerned that other agencies were hacked using similar tools.
The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.”
Last Tuesday, prominent U.S. cybersecurity firm FireEye said that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. Those customers include federal, state and local governments and top global corporations.
The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia.
———
Krisher reported from Detroit.
