US national security adviser cuts trip to Europe after Russian hack

Return of senior US official indicates seriousness of hack that hit at least six US agencies


US National Security Adviser Robert O'Brien cut short his trip to Europe this week and returned to Washington on Tuesday to hold meetings on the alleged Russian hack of government agencies.

Mr O'Brien was due to visit the UK, Italy and Germany this week but returned to Washington four days early, a spokesman for the US National Security Council confirmed to The National.

“Ambassador O’Brien is returning to address the hacking incident,” said John Ullyot, the deputy assistant to the president.

The council has already held two high-level meetings on the cyber breach, on Saturday and Monday, and Mr O'Brien will be convening another meeting tonight and tomorrow.

The return of the senior US official was another indication of the seriousness of the hack that hit at least six US agencies. The attack is suspected to have been carried out by the Russian government.

The departments of state, defence, homeland security, justice, treasury and commerce are investigating the extent of the breach, which may have happened over several months. Nearly 18,000 private and government users downloaded the tainted software update, according to The New York Times.

The huge operation was carried out after the hackers infiltrated and installed malware in a software product from SolarWinds, which supplies hundreds of government agencies and top companies.

By compromising its platform, the hackers were able to gain access to government agencies and possibly secret material that SolarWinds was supposed to protect, Reuters reported on Sunday.

The company sent an advisory to its clients informing them of an attack. “We have been advised that this incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation-state,” the Texas-based company said. It then launched an upgrade to the affected software, which had contained the malicious code.

Russia denied responsibility for the attack, but US officials and cyber experts say the high level of sophistication of the operation and the agencies affected point to Russian intelligence. US officials said the Russian hacking group Cozy Bear, associated with the Russian foreign intelligence service, was behind the attack.

Government agencies are still investigating the extent of the damage to determine a response.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency was also attacked. It issued a rare directive on Sunday instructing all federal agencies to disconnect affected devices.

Teri Radichel, CEO of 2nd Sight Lab, saw in the attack further evidence of the lethality of the NotPetya malware that Russia has employed in the past.

"This attack has many factors, but one thing companies really need to look at closely is the security of their deployment systems," Ms Radichel told The National. "The NotPetya malware used the same vector and caused a massive amount of damage."

A secure architecture is needed to limit the damage that malware can cause when it gets into systems such as SolarWinds, explained Ms Radichel, who is also the author of Cybersecurity for Executives in the Age of the Cloud.

“Networks should be designed to spot the C2 [command and control] traffic and any internal network scans as quickly as possible, as well as use defence in depth and avoid reliance on only one monitoring system for critical data,” the expert added.

In October, the US Department of Justice charged six Russian military officers and accused them of carrying out some of the world’s largest cyberattacks over the last decade using the malware NotPetya.

The US government was made aware of the attack only after the private cybersecurity company FireEye detected the infiltration. On Tuesday, Microsoft announced it would quarantine and isolate versions of the SolarWinds Orion app that contain the malware. It also recommended that companies with Orion apps do the same.