Trump Contradicts Pompeo On Russian Involvement, Scope Of Cyberattack

Pompeo said it was a “very significant effort.”“And I think it’s the case now that we can say pretty clearly that it was the Russians that engaged in this activity,” he continued.

1:40Gov’t agency warns infrastructure at risk from cyberattacks

Gov’t agency warns infrastructure at risk from cyberattacks – Nov 20, 2020

On Wednesday, the U.S. government confirmed several of its networks were affected by a recent hacking campaign targeting users of SolarWinds, a Texas-based software company.The hackers utilized the platform to peer into computer networks for various U.S. government agencies, including the U.S. Department of Homeland Security, and the federal Treasury and Commerce departments.SolarWinds said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed for almost nine months.In a joint statement issued earlier this week, the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) said the situation was “developing.”“And while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the statement read.The FBI said it is “investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”

While the joint statement does not say who is to blame for the hack, officials widely suspect Russia is responsible.Russia, however, denies any involvement.Cybersecurity firm FireEye was the first of SolarWinds’ customers to detect the attack.In a blog post on Dec. 13, the company said the campaign is “widespread,” and could have begun as early as spring 2020.

Click to play video 'U.S. Secretary of State Pompeo defends Trump’s policy in Middle East as ‘consistent’'

0:33U.S. Secretary of State Pompeo defends Trump’s policy in Middle East as ‘consistent’

U.S. Secretary of State Pompeo defends Trump’s policy in Middle East as ‘consistent’ – Nov 22, 2020

“The actors behind this campaign gained access to numerous public and private organizations around the world,” the post reads.On the same day, the U.S. Department of Homeland Security issued an emergency directive, urging all federal agencies to remove the affected software.President-elect Joe Biden, who is set to be inaugurated on Jan. 20, said he will make “dealing with this breach a top priority from the moment we take office.”“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said.“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”SolarWinds has asked its customers to upgrade to the latest version of its Orion platform “as soon as possible to better ensure the security of your environment.”

What has Canada said?

In a statement to Global News on Saturday, Evan Koronewski, a spokesperson for the Communications Security Establishment (CSE), confirmed its Cyber Centre is “working with its partners in the private and public sectors across Canada to address this sophisticated cyber security incident.”“We are working with government partners, including Shared Services Canada, to ensure the Government of Canada’s systems and networks remain secure and functioning as expected,” he said in an email.

Koronewski said the situation “remains ongoing,” adding that the Cyber Centre is “actively engaged with our government and non-government partners sharing cyber security advice and guidance mitigation, and operational updates.”The CSE said the Cyber Centre does not comment on reporting by Canadian organizations regarding cyber incidents.“As a result, we do not have any further information to add on potential victims,” the email read.On Monday, the centre issued an alert to notify IT professionals of the cyber threat. It also shared the guidance from SolarWinds on how to mitigate a potential breach.