The hackers who hit SolarWinds breached the networks of the National Nuclear Safety Administration (NNSA) and the US Department of Energy (DOE).
America seems to be in a state of cyber warfare, as too many sensitive government agencies have been breached by the same group that hit SolarWinds.
One example is the NNSA, a semi-autonomous government agency responsible for maintaining and securing US nuclear stockpiles. Founded by the US Congress in 2000, it is also responsible for dealing with nuclear and radioactive emergencies within the United States and abroad.
US officials told Politico that federal investigators have found evidence that the hackers who hit SolarWinds have access to the US DOE and NNSA networks.
The Federal Energy Regulatory Commission (FERC), the Safe Transport Bureau, the DOE Richland Field Office and the Sandia and Los Alamos National Laboratories were all reportedly hit.
According to DOE spokeswoman Shaylyn Hynes, the hackers focused their efforts primarily on FERC. The DOE also confirmed that the hacking group also breached the networks of the US nuclear weapons agency. At this time, in order to ensure that the remaining critical organizations are secure, it is in regular contact with the electricity, Oil and Gas (ONG) and Information Sharing and Analysis Centers (ISAC).
The breach of US government networks has been officially confirmed
This series of attacks led to the compromise of many US government networks, as was officially confirmed by the FBI, CISA and ODNI.
The list of US government targets that have been breached also includes the US Treasury Department, the US Department of State, the NTIA, the NIH, the DHS-CISA and the US Department of Homeland Security.
The US government suspects that the group behind this hacking campaign is the Russian state group APT29 (also known as Cozy Bear), and that it had access to the networks of the breached organizations for a long time, according to a CISA notice.
Risk of more breached government agencies
The backdoor used in these attacks, dubbed Solarigate or Sunburst, was distributed through SolarWinds' auto-update mechanism to the systems of some 18,000 customers.
The SolarWinds customer list includes more than 425 US companies, the top ten US telecommunications companies, as well as several government agencies, including the US Military, the US Pentagon, the US Department of Justice, the State Department, NASA, NSA, the Postal Service, NOAA, and the Office of the President of the United States.
CISA, after a series of confirmed breaches at US government agencies, has asked federal civilian agencies to immediately disconnect the affected SolarWinds Orion products from their networks.