Cyberintruder’s “grave threat” extends to state, local government


BOSTON (SHNS) – The cyberintrusion that has compromised servers of the federal government and private corporations “poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations,” a federal agency warned Thursday.

Massachusetts state government uses some of the software thought to be the main point of entry for this cyberattack and some offices have noticed unusual behavior around their cyber assets. However, administration officials said Thursday that they have not found evidence that state government systems have been compromised to this point.

The Cybersecurity and Infrastructure Security Agency said that federal agencies, companies and critical infrastructure entities have been compromised by an “advanced persistent threat actor” operating with sophistication, patience and complex tradecraft. The intrusions date back to at least March, CISA said Thursday in an alert that also warned it will be “highly complex and challenging” to kick the cybercriminal(s) out of environments they have compromised.

One of the main ways the cybercriminals or nation-state — a former Trump administration homeland security adviser blamed the attacks on a Russian intelligence agency in the New York Times — were able to compromise government servers was through software from a company called SolarWinds and particularly its Orion platform.

Some of that company’s software is in use in Massachusetts state government, but no intrusions have been detected here, administration officials said. Auditor Suzanne Bump said her office noticed some out-of-the-ordinary activity on its networks, but no compromises.

“We did a check of our systems. We do use SolarWinds and the Orion platform, and we could detect some, a few instances of, monitoring of our traffic but no intrusion, per se,” Bump said Wednesday afternoon during a meeting of the Comptroller Advisory Board.

Peter Scavotto, the assistant comptroller who serves as the office’s head of risk, said the comptroller’s office uses a different type of SolarWinds software. He said the office’s technical team “looked into that and it is not on the list of software that was attacked.”

On Monday, the Executive Office of Technology Services and Security got in touch with chief information officers from executive branch offices and independent state agencies to share information about this most recent cyberattack. Cabinet Secretary Curt Wood said that EOTSS had “looked for signs of compromise” and “we did not find any at this time.” He also encouraged CIOs to review an advisory from SolarWinds and to apply any necessary patches as soon as possible.

Bump described the communication as “very reassuring” and Comptroller William McNamara said he “took comfort” in the note from Wood.

“EOTSS is currently putting a plan together to implement software upgrades as recommended by SolarWinds and in line with the advisory sent out by CISA today. Our enterprise network security teams are continuing to monitor for any signs of compromise as a precaution,” an EOTSS spokesperson said in a statement.

Last year, Wood told lawmakers that the state’s computer network is “probed” more than half a billion times each and every day by entities outside the United States looking for a weak spot in the state’s cyber protections that could allow bad actors to infiltrate the state’s information technology infrastructure.

“Every day, we have attacks. Just to give you a frame of reference, we have implemented new technology in the state where we are kind of able to analyze everything that comes into the state network and I will say as of today on a daily basis we receive about 525 million probes a day from foreign soil,” Wood said in September 2019. “They’re pinging our network, they’re scanning our commonwealth network trying to find a vulnerability.”

The alert that CISA sent out Thursday also spurred a reaction from President-elect Joe Biden, who said he and Vice President-elect Kamala Harris had been briefed on the attack.

“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said. He added, “I want to be clear: my administration will make cybersecurity a top priority at every level of government — and we will make dealing with this breach a top priority from the moment we take office.”

Copyright 2021 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.
