The Massive Cyber Attack


US officials monitoring for cyber threats to the nation's critical infrastructure became aware several months ago of suspicious activity that's now been linked to one of the largest hacking operations in history, three sources familiar with the situation told CNN.

Despite these initial indicators, the tremendous scope of the espionage campaign and its sophistication only became clear last week, after the elite cybersecurity firm FireEye disclosed a devastating data breach on its own network.

The US government's early detection, which has not been previously reported, did not provide conclusive evidence that the government's networks had been compromised, but it was enough to worry top cybersecurity officials that potential vulnerabilities existed.

The revelation illustrates how a select few within the government's most classified corners grappled with early warning signs of the massive hack -- and launched into a months-long investigation that ended up uncovering links to the devastatingly sophisticated spying operation that has rocked Washington this week.

At least half a dozen federal agencies are now known to have been targeted, including the Department of Homeland Security's cyber arm and the Departments of Agriculture, Commerce, Energy and State.

Investigators are still trying to determine what, if any, government data may have been accessed or stolen in the hack. The indicators identified during early detection efforts did not reveal evidence of a classified data breach, two sources told CNN.

Many in the media wanted to talk to Christopher Krebs, the nation’s former top cybersecurity official, when he disputed President Trump’s unproven allegations of voter fraud.

But his name appears to come up less frequently now that his former agency is being scrutinized in the wake of an apparent Russian cyber attack that began in March but was only publicly revealed this week.

Krebs headed the Cybersecurity and Infrastructure Security Agency (CISA) until Trump fired him in November. He had called the 2020 election "the most secure in American history" and said there was no evidence of changed, deleted, lost or otherwise compromised votes.

He garnered a lot of media coverage for contradicting the president, appearing on a slew of television news programs.

Sen. Mitt Romney (R-Utah) said Thursday it was extraordinary that President Donald Trump hasn’t said a single word about the cyberattack on U.S. agencies believed to be orchestrated by the Kremlin. Nor has Trump apparently complained to Russian President Vladimir Putin.

In a tweet posted on Thursday, Romney called White House inaction and silence inexcusable.

“In this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really quite extraordinary,” Romney also told Olivier Knox on SiriusXM.  

The extensive cyberattack hit the U.S. Treasury, Commerce Department, State Department and the National Nuclear Security Administration, which maintains the American stockpile of nuclear weapons. The nation’s Cybersecurity and Infrastructure Security Agency said the sophisticated attack raises grave concerns about U.S. safety. And officials said it could take months before the full extent of the attack was known.

Romney said the operation exposes the nation’s cyberwarfare readiness as extraordinarily weak, and that Russia thinks “so little of our ability to fight back from a cyber standpoint that they do this with impunity. So our national security is extraordinarily vulnerable,” he added.

When White House spokeswoman Kayleigh McEnany was asked Tuesday about the massive hack, she said the White House was “taking a hard look into this,” CNBC reported.

Alleged Russian hackers responsible for breaking into SolarWinds software to monitor U.S. businesses and government entities gained access to a county government in Arizona, as well as a major cable provider, according to Reuters.

Hackers were able to infiltrate the networks of the local government in Pima County, Arizona, and of Cox Communications, Reuters reported.

Pima County Chief Information Officer Dan Hunt told Reuters via email that Pima County followed the U.S. government’s emergency advisory and took the SolarWinds software offline, and that investigators had not found further breaches in the county.

A spokesman for Cox Communications told Reuters they were performing an “around the clock” investigation to get to the bottom of the breach. “The security of the services we provide is a top priority,” the spokesman told Reuters.

The backdoors that gave hackers access to Cox Communications and Pima County’s networks were activated around six months ago, and it remains unclear what information hackers were able to gain access to over that time period, according to Reuters.

Beyond Cox Communications and Pima County, the hacking operation gained access to the U.S. Department of Homeland Security, Treasury Department, Commerce Department, State Department and Microsoft.
