Senior officials from the Department of Veterans Affairs abruptly canceled a scheduled briefing with congressional leaders this week about the magnitude and impact of the SolarWinds cyber attack, a far-reaching breach of the networks of multiple US agencies and powerful companies allegedly committed by an elite team of Russian hackers sanctioned by Moscow.
Democratic lawmakers say the VA has so far failed to explain its decision not to tell its House and Senate overseers whether the attack may have compromised veterans’ sensitive information, prompting at least one U.S. senator to publicly demand answers from the head of the department. This week, VA officials told reporters that there are currently no signs that the hackers have exploited the back door in its network, which was unknowingly installed by about 18,000 SolarWinds customers this year.
In a letter on Wednesday, Senator Richard Blumenthal, a Connecticut Democrat, told Veterans Affairs Secretary Robert Wilkie that the veteran community is “particularly vulnerable” to the fallout from a breach, noting that the department holds a vast amount of veterans’ private data. It remains unclear what steps, if any, Wilkie has taken to assess the risk to retired members of the United States Armed Forces, Blumenthal said.
“I am alarmed by the potential threat to the VA and am writing to request urgent information about the impact of this incident and what steps are being taken to ensure the resilience and confidentiality of the VA mission,” Blumenthal wrote. “This hack threatens to exacerbate existing privacy concerns and allows hackers to share and sell veterans’ personal information.”
Veterans are believed to be at high risk of identity theft as a result of long-standing government practices, such as using Social Security numbers as the primary identifier for service members. Veterans also rely heavily on a document known as DD Form 214, which contains sensitive information, to provide evidence of their service. Blumenthal cites the “necessary dependence” on the document, copies of which the VA maintains digitally, as a particular vulnerability.
Wilkie is under no obligation to respond to Blumenthal’s inquiries, which ask, among other things, what precautions have been taken to separate veterans’ medical records from other systems and whether the VA has completed a forensic investigation of its cloud resources. The Trump administration has traditionally ignored most questions from Congressional Democrats in the minority.
The VA, one of SolarWinds’ largest federal customers, could not be immediately reached for comment. A VA spokesperson told CyberScoop on Wednesday that the agency removed SolarWinds’ network monitoring software “out of an abundance of caution” and that “there are currently no signs of exploitation”.
Removing an infected copy of the SolarWinds platform does not necessarily guarantee that the alleged Russian hackers no longer have a foothold in the network.
According to CyberScoop, other agencies have also been less than forthcoming about the breach. In another letter this week, Senator Bob Menendez, a Democrat from New Jersey, said the US State Department is “silent on whether its computer, communications, and information technology systems had been compromised.”
The SolarWinds attack represents one of the most severe breaches of U.S. government networks by a state actor since at least the Office of Personnel Management breach of 2015, in which Chinese hackers exfiltrated millions of personnel records and background checks of federal employees. The Departments of State, Commerce, Treasury, and Homeland Security, as well as the National Institutes of Health, are among the SolarWinds victims.
Experts say the Russian hacking group APT29, also known as Cozy Bear, may have infiltrated Texas-based software company SolarWinds as early as 2019 and inserted malicious code into copies of the Orion Platform, a network management tool used by dozens of federal agencies and more than three-quarters of the companies on the Fortune 500 list.
Experts usually associate Cozy Bear, which is credited with attacking the Pentagon’s email system in 2015 and the Democratic National Committee in 2016, with the Russian Foreign Intelligence Service, the predecessor of the KGB.
The malware deployed on the Orion platform, known as Teardrop, was highly sophisticated according to experts: in addition to collecting users’ credentials and monitoring their keystrokes, it enabled Cozy Bear to mask its movements inside infected networks, allowing the intruders to pass as normal IT employees.