Luckin Coffee to Pay $180 Million Penalty to Settle Accounting Fraud Charges: US SEC
The Department of Energy said that it was hacked by a聽malware injected into its networks after a SolarWinds update, but that its national security functions was not impacted, including for the agency that manages the nation鈥檚 nuclear weapons stockpile.
“The Department of Energy is responding to a cyber incident related to the Solar Winds compromise in coordination with our federal and industry partners,” DOE spokeswoman聽Shaylyn Hynes said in a statement to The Epoch Times.
“The investigation is ongoing and the response to this incident is happening in real time. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA).
“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”
The NNSA, a聽semi-autonomous agency within the Energy department, oversees聽the country’s nuclear weapons stockpile and is responsible for strengthening the nation’s security through military application of nuclear energy and reducing the global threat from terrorism and weapons of mass destruction.
Sen. Deb Fischer (R-Neb.), chairman of the Subcommittee on Strategic Forces, said in a statement after the revelation that she has “great confidence in the safety and security of our nuclear weapons” but was “troubled by reports that hackers accessed the National Nuclear Security Administration鈥檚 network.”
“As the chairman of the subcommittee that oversees our nuclear forces, I have requested a briefing from the Department of Energy as soon as possible,” she added.
In a joint statement on Wednesday, three federal U.S. agencies confirmed that a recent hacking campaign has affected federal government networks and involved products from technology company Solarwinds. The FBI is now investigating the hack of SolarWinds technology, the statement said.
The聽FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) called the hacking campaign “significant and ongoing” and聽have formed a group called the Cyber Unified Coordination Group to respond to the hack.
SolarWinds technology is used by all five branches of the U.S. military and numerous government agencies. The SolarWinds Orion platform was compromised. The聽breach was achieved by inserting malware, or malicious code, into software updates for Orion, a widely used network management tool.
The United States Chamber of Commerce building in Washington in a 2009 file photograph. (Manuel Balce Ceneta/AP Photo)The Commerce Department confirmed to The Epoch Times on Dec. 13 that it had been hacked. The Treasury Department was also reportedly breached.
CISA聽said on Thursday that the hacking campaign is larger than previously known and that the alleged foreign actors gained backdoor access in more ways than through the SolarWinds software.
The 鈥淪olarWinds Orion supply chain compromise is not the only initial infection vector this advanced persistent threat actor leveraged,” CISA said in a statement on Thursday, noting that it has evidence of additional initial access vectors that are still being investigated. It also said that the hacking campaign started as early as March 2020.
CISA previously聽issued an emergency directive on Dec. 13 ordering all federal agencies to disconnect Solarwinds Orion products immediately, and check their networks for signs of compromise.
According to the new joint statement on Wednesday, CISA is in regular contact with other government agencies, private entities, and international partners, and is providing technical assistance when asked and making information and resources available to help those affected recover quickly from the hack.
SolarWinds said聽on Dec. 14 in a filing聽to the Securities and Exchange Commission that it believes up to 18,000 customers had installed the compromised software update.
SolarWinds serves over 300,000 customers around the world. A partial customer listing that was taken offline showed that its customers include all five branches of the U.S. military, more than 425 of the U.S. Fortune 500, as well as the Office of the President of the United States.
The same list includes Dominion Voting Systems, a company that provides its voting equipment and software to 28 states and has become a focus of election fraud allegations across the United States.聽Dominion鈥檚 CEO John Poulos told state lawmakers in Michigan on Dec. 15 that the company has never used the SolarWinds Orion products.
A screenshot of Dominion Voting Systems’ website shows use of SolarWinds software. (Screenshot/Dominion Voting Systems)But a screenshot of a Dominion webpage that The Epoch Times captured shows that Dominion does use SolarWinds technology. Dominion later altered the page to remove any reference to SolarWinds, but the SolarWinds website is still in the page鈥檚 source code.
A security researcher said that Solarwinds聽was warned in 2019聽that its software update server could be accessed using a simple password.
Zachary Stieber and Jack Phillips contributed to this report.
Focus News: Energy Department Hacked, ‘National Security Functions’ Not Impacted: Spokesperson
Half of Australia’s Largest Chinese Media Outlets Linked to Beijing’s United Front: Report