US government agencies hacked; Russia a possible culprit

Updated 14 December 2020

  • Cybersecurity firm FireEye earlier disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools
  • Hackers linked to Russia were able to break into the US State Department’s email system in 2014

WASHINGTON: Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign revealed just days after a leading global cybersecurity firm announced that it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of US government agencies — apparently the same monthslong cyberespionage campaign that also afflicted the prominent cybersecurity firm FireEye.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. FireEye’s customers include federal, state and local governments and top global corporations.
The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple US federal agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
FireEye, without naming the breached agencies or other targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into a SolarWinds software update.
The malware gave the hackers remote access to victims’ networks.
FireEye said it had notified “multiple organizations” globally where it saw indications of compromise. It said that the hacks did not seed self-propagating malware — like the 2016 NotPetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”
The US government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the US military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House. It says the 10 leading US telecommunications companies and top five US accounting firms are also among customers.
The government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises.”
President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.
In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time,” adding that he believed that its impact was only beginning to be understood.
Federal government agencies have long been attractive targets for foreign hackers.
Hackers linked to Russia were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the Internet while experts worked to eliminate the infestation.
Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding Internet and telecommunications policy.
The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.” The FBI had no immediate comment.
Austin, Texas-based SolarWinds confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released between March and June for software that helps organizations monitor their online networks for problems.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.
The compromise is critical because SolarWinds would give a hacker “God-mode” access to the network, making everything visible, said Alperovitch.
FireEye announced on Tuesday that it had been hacked, saying foreign state hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.
Former NSA hacker Jake Williams, the president of the cybersecurity firm Rendition Infosec, said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised.
“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.
FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. Mandia said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.


13 cases of omicron variant in Dutch testing of travelers

THE HAGUE, Netherlands: The Dutch public health authority confirmed Sunday that 13 people who arrived in the Netherlands on flights from South Africa on Friday have so far tested positive for the new omicron coronavirus variant.
The 61 people who tested positive for the virus on Friday after arriving on the last two flights to Amsterdam’s Schiphol airport before a flight ban was put in place were immediately put into isolation while sequencing was carried out to establish if they had the new variant.
The public health institute said in a statement that testing was continuing on the samples.
Most of the 61 people who tested positive were put into isolation at a hotel near the airport, while a small number were allowed to sit out their quarantine at home under strict conditions.
Health authorities appealed to all travelers who returned from southern Africa in the past week to get tested, and set up a test center at Schiphol Airport for Dutch citizens returning from the region. The tests are voluntary, and travelers can wait for the results in isolation at home.
THIS IS A BREAKING NEWS UPDATE. AP’s earlier story follows below.
BERLIN: Australia on Sunday became the latest country to detect the omicron variant of the coronavirus in travelers who arrived from southern Africa, while Israel decided to bar entry to foreign nationals — the toughest of a growing raft of curbs imposed by nations around the world as they scramble to slow its spread.
Confirmed or suspected cases of the new variant have already emerged in several European countries, in Israel and in Hong Kong, just days after it was identified by researchers in South Africa. The “act first, ask questions later” approach reflected growing alarm about the emergence of a potentially more contagious variant nearly two years into a pandemic that has killed more than 5 million people, upended lives and disrupted economies across the globe.
While much remains to be learned about the new variant, researchers are concerned that it may be more resistant to the protection provided by vaccines and could mean that the pandemic lasts for longer than anticipated.
Israel moved to ban entry by foreigners and mandate quarantine for all Israelis arriving from abroad.
“Restrictions on the country’s borders is not an easy step, but it’s a temporary and necessary step,” Prime Minister Naftali Bennett said at the start of the weekly Cabinet meeting.
Dr. Ran Balicer, head of the government’s advisory panel on COVID-19, told Israel’s Kan public radio that the new measures were necessary for the “fog of war” surrounding the new variant, saying it was “better to act early and strictly” to prevent its spread.
Many countries have restricted or banned travel from various southern African countries — among the latest New Zealand, Thailand, Indonesia, Singapore, Sri Lanka, the Maldives and Saudi Arabia. Places that already had imposed restrictions include Brazil, Canada, the European Union, Iran, and the US. This goes against the advice of the World Health Organization, which has warned against any overreaction before the variant is thoroughly studied.
Authorities in Australia said two overseas travelers who arrived in Sydney from Africa became the first in the country to test positive for the omicron variant. Arrivals from nine African countries are now required to quarantine in a hotel upon arrival.
The United States’ top infectious diseases expert, Dr. Anthony Fauci, said he would not be surprised if the omicron variant was already in the US, too.
“We have not detected it yet, but when you have a virus that is showing this degree of transmissibility ... it almost invariably is ultimately going to go essentially all over,” Fauci said on NBC television.
In Europe, much of which already has been struggling with a sharp increase in cases over recent weeks, officials also were on their guard.
The UK on Saturday tightened up rules on mask-wearing and on testing of international arrivals after finding two omicron cases. Spain announced it won’t admit unvaccinated British visitors starting Dec. 1. They are currently allowed to enter with a negative coronavirus test.
Italy was going through lists of airline passengers who arrived in the past two weeks after a business traveler who returned from Mozambique and landed in Rome on Nov. 11 tested positive for omicron.
“The phase of searching for the new variant has started. Controls at airports, ports and train stations have been reinforced,” said the Lazio region’s top health official, Alessio D’Amato. The region that includes Rome’s Leonardo da Vinci international airport also is sending random virus test samples to the Spallanzani infectious disease hospital in Rome to be analyzed for the new variant.
In France, Health Minister Olivier Veran said that while no cases have yet been confirmed in France, “it’s a question of hours,” given that omicron infections have been reported in multiple neighboring countries. “It is probable that there currently are cases in circulation,” he said on a visit to a Paris vaccination center.
While it is not clear yet how existing vaccines work against the omicron variant, Veran said the French government isn’t changing its strategy to fight the latest surge of infections driven by the delta variant, which centers on increasing vaccinations and boosters.
David Hui, a respiratory medicine expert and government adviser on the pandemic in Hong Kong, said that even though it is not clear if current coronavirus vaccines are effective against the new variant, the city’s vaccination rate should be increased and booster doses should be implemented as soon as possible.
He said that the two people who tested positive for the omicron variant had received the BioNTech-Pfizer shot and exhibited very mild symptoms, such as a sore throat.
“Vaccines should work but there would be some reduction in effectiveness,” he said.

Ethiopia PM Abiy says military will ‘destroy’ Tigray rebels

  • On Friday, state media showed what it described as the first footage of Abiy, a former lieutenant-colonel, in uniform at the front
  • The war erupted in early November 2020 when Abiy deployed troops into Tigray to topple the TPLF

ADDIS ABABA: Ethiopian Prime Minister Abiy Ahmed said his soldiers would “destroy” rebels from the northern Tigray region, in the latest instalment of footage which state media said shows him at the war front.
“You are comprehensively destroying the enemy, there is no going back without winning,” Abiy, winner of the 2019 Nobel Peace Prize, said in the 34-minute clip posted Saturday to his office’s Twitter page, which AFP could not independently verify.
“We will win, the enemy is dispersing, there are areas we have to control,” he added.
“Until we destroy the enemy there is no rest.”
Abiy announced this week he would start leading operations against the Tigray People’s Liberation Front (TPLF), which once dominated national politics but has been locked in a war with his government for the past year.
The announcement has spurred new recruitment in Addis Ababa.
The country’s most famous distance runner, Haile Gebreselassie, told AFP he was determined to “sacrifice and stand for Ethiopia.”
The TPLF, he added, “is destabilising our country beyond its region.”
On Wednesday state-affiliated media announced Abiy had handed over regular duties to his deputy.
His move came after the TPLF reported major territorial gains, claiming this week to have seized a town just 220 kilometers (135 miles) from the capital Addis Ababa.
The TPLF has aligned itself with other armed groups including the Oromo Liberation Army, which is active in the Oromia region surrounding the city.

On Friday, state media showed what it described as the first footage of Abiy, a former lieutenant-colonel, in uniform at the front, including an interview in which he vowed to “bury the enemy.”
He also said the military had secured control of Kassagita and planned to recapture Chifra district and Burka town in Afar region, which neighbors Tigray, the TPLF’s stronghold.
The World Food Programme tweeted that 79 trucks carrying food and other lifesaving humanitarian supplies had arrived in Mekelle, the capital of the Tigray region this week.
“More are on the way,” the WFP added.
Independent media have largely been denied access to war-affected regions in recent weeks.
On Saturday officials in Addis Ababa held a ceremony for athletes and artists heading north to visit troops.
Among those pledging to fight is Feyisa Lilesa, a distance runner and Olympic silver medallist.
The war erupted in early November 2020 when Abiy deployed troops into Tigray to topple the TPLF, a move he said came in response to TPLF attacks on army camps.
Though he promised a swift victory, by late June the TPLF had regrouped and retaken most of Tigray, and it has since pushed into the neighboring Amhara and Afar regions.

The African Union’s special envoy for the Horn of Africa, Olusegun Obasanjo, is leading a diplomatic push for a cease-fire, but there have been few signs of progress so far.
International alarm is growing over a possible rebel assault on the capital, with the US, the UK, Germany and Italy among countries urging their citizens to leave Ethiopia.
France joined the group this week and on Sunday plans to ferry some citizens out on a charter flight.
The government insists rebel gains are overstated, blaming what it describes as sensational media coverage and alarmist security advisories from embassies for creating panic.


7.5-magnitude earthquake strikes northern Peru: USGS

LIMA: A 7.5-magnitude quake struck northern Peru on Sunday, the United States Geological Survey said, but there was no tsunami warning issued.
The offshore quake hit at 5:52 am (1052 GMT) at a depth of 112.5 kilometers (70 miles), about 42 kilometers northwest of Barranca, USGS said.


Travel curbs aimed at COVID-19 variant tighten across the world

  • The tighter restrictions in the Asia-Pacific region echoed steps rapidly taken by countries around the world to limit the spread of the omicron
  • The United States’ top infectious diseases expert, Dr. Anthony Fauci, said he would not be surprised if the omicron variant was already in the US, too

HONG KONG: Australian officials were racing Sunday to conduct further tests on passengers arriving from southern Africa who tested positive for COVID-19 to determine if they were carrying the omicron variant as nations around the world tightened controls against the worrying new strain.
Neighboring New Zealand announced it was restricting travel from nine southern African countries because of the threat posed by the variant, and Japan widened its border controls to include more countries from the region. Tourist-dependent Thailand, which only recently began loosening its tight border restrictions to leisure travelers from certain countries, announced a ban of its own on visitors from eight African countries. Similar restrictions took effect in the business hub of Singapore, which is barring entry and transit to anyone with a recent history of travel to seven southern African nations.
The tighter restrictions in the Asia-Pacific region echoed steps rapidly taken by countries around the world to limit the spread of the omicron variant just days after it was identified by researchers in South Africa. The act first, ask questions later approach reflected growing alarm about the emergence of a potentially more contagious variant nearly two years into a pandemic that has killed more than 5 million people, upended lives and disrupted economies across the globe.
While much remains to be learned about the new variant, researchers are concerned that it may be more resistant to the protection provided by vaccines and could mean that the pandemic lasts for longer than anticipated.
Cases involving the omicron variant have already been confirmed on multiple continents, with Germany, Italy, Belgium, Israel and Hong Kong all reporting cases in recent days.
The United States’ top infectious diseases expert, Dr. Anthony Fauci, said he would not be surprised if the omicron variant was already in the US, too.
“We have not detected it yet, but when you have a virus that is showing this degree of transmissibility ... it almost invariably is ultimately going to go essentially all over,” Fauci said on NBC television.
In Australia, the New South Wales health department said Sunday that urgent genomic testing was being done on samples taken from two passengers who arrived in Sydney from southern Africa the day before and tested positive on arrival.
The department said the travelers were from one of nine African countries that are now required to quarantine in a hotel upon arrival in Sydney. The countries are South Africa, Lesotho, Botswana, Zimbabwe, Mozambique, Namibia, Eswatini, Malawi and the Seychelles.
New Zealand’s COVID-19 Response Minister Chris Hipkins said the island nation was taking a precautionary approach. From late Sunday, only New Zealand citizens from nine African countries will be allowed entry to New Zealand, and they will be required to spend two weeks in a quarantine hotel run by the military.
Hipkins said officials were confident the variant hadn’t entered New Zealand and they were well placed to keep it out.
Many countries have slapped restrictions on various southern African countries over the past couple of days, including the UAE, Jordan, Saudi Arabia, Brazil, Canada, the European Union, Iran and the US, in response to warnings over the transmissibility of the new variant. This goes against the advice of the World Health Organization, which has warned against any overreaction before the variant was thoroughly studied.


Omicron variant likely to be circulating in France — health minister

Updated 28 November 2021

  • The government was tightening restrictions to contain the spread of the virus

PARIS: The Omicron variant of the coronavirus is probably already circulating in France, its health minister said on Sunday, adding that the government was tightening restrictions to contain its spread.
“There is no identification yet, but it’s a matter of hours,” Olivier Veran told reporters at a vaccination center in Paris.