Cyber ​​attack in the United States: hackers "disciplined and focused", according to experts - France 24

Washington (AFP)

The authors of a gigantic cyberattack that targeted nearly 18,000 companies in the United States in 2020 were "disciplined and focused", said computer security experts Tuesday, pointing to the need for sharing information on existing threats.

The attack began in March, with hackers taking advantage of an update to monitoring software developed by a Texas company, SolarWinds, used by tens of thousands of businesses and governments around the world.

Computer systems of US government agencies, including the Departments of State, Commerce, the Treasury, Homeland Security and the National Institutes of Health were also targeted.

The attack was discovered in December by the IT security group FireEye, itself the victim of cyber attacks.

The hackers "were disciplined and focused," FireEye boss Kevin Mandia told the Senate Intelligence Committee.

"They were targeting specific targets, they had a plan and a data collection program," he said.

"We have substantial clues that point to the Russian Foreign Intelligence Agency, and no clue leads us elsewhere," said Microsoft President Brad Smith for his part.

US authorities have already identified Russia as the prime suspect in the attack, and the Washington Post said on Tuesday that the government was studying the possibility of imposing sanctions on Moscow.

Microsoft revealed in December that hackers had access to part of the company's computer code by hacking into an employee's account.

According to Brad Smith, "at least 1,000 highly skilled and capable engineers" participated in "the most sophisticated attack we have ever seen so far" which also targeted companies in Mexico, Canada, Great Britain. , Belgium, Spain and the United Arab Emirates.

Another flaw used by hackers is the lack of an authority to centralize information on cyberattacks while Microsoft's contracts with government agencies prohibit the company from communicating about attacks with other agencies, Smith added.

Among the avenues to explore, the president of Microsoft has suggested the idea of ​​forcing a company victim of a cyberattack to make a "confidential notification" to a government entity that would be responsible for sharing intelligence.

The boss of FireEye insisted on the need for legal protection for companies like SolarWinds in the face of possible lawsuits from its customers victims of cyberattacks.

© 2021 AFP