Beautiful Virgin Islands

Thursday, Sep 18, 2025

Why the US government hack is literally keeping security experts awake at night

Why the US government hack is literally keeping security experts awake at night

The US government is reeling from multiple data breaches at top federal agencies, the result of a worldwide hacking campaign with possible ties to Russia. Investigators are still trying to figure out how much of the government may have been affected and how badly it may have been compromised.

But what little we know has cybersecurity experts extremely worried — with some describing the attack as a literal wakeup call.

"I woke up in the middle of the night last night just sick to my stomach," said Theresa Payton, who served as White House Chief Information Officer under President George W. Bush. "On a scale of 1 to 10, I'm at a 9 — and it's not because of what I know; it's because of what we still don't know."

On Sunday evening, the Commerce Department acknowledged it had been hit by a data breach after Reuters first reported that sophisticated hackers compromised the agency through a third-party software vendor known as SolarWinds. While SolarWinds is not a household name, it works with many businesses and organizations that are.

Since then, more details have emerged suggesting a much wider pattern of compromise. As many as 18,000 SolarWinds customers — out of a total of 300,000 — may have been running software containing the vulnerability that allowed the hackers to penetrate the Commerce Department, the company disclosed in an investor filing this week.

Here's why the cyberattacks disclosed this week are keeping experts up at night — based on who was targeted, the suspected identities of the attackers and their playbook, according to analysts contacted by CNN Business and published security reports.

All federal agencies on alert


One reason the attack is so concerning is because of who may have been victimized by the spying campaign.

At least three US agencies have publicly confirmed they were compromised: The Department of Commerce, the Department of Homeland Security and the Agriculture Department.

But the range of potential victims is much, much larger, raising the troubling prospect that the US military, the White House or public health agencies responding to the pandemic may have been targeted by the foreign spying, too. The Justice Department, the National Security Agency and even the US

Postal Service have all been cited by security experts as potentially vulnerable.

All federal civilian agencies have been told to review their systems in an emergency directive by DHS officials. It's only the fifth such directive to be issued by the Cybersecurity and Infrastructure Security Agency since it was created in 2015.

It isn't just the US government in the crosshairs: The elite cybersecurity firm FireEye, which itself was a victim of the attack, said companies across the broader economy were vulnerable to the spying, too. The software vulnerability that enabled the spying has been found in the tech and telecom industry, as well as at consulting firms and energy companies, according to FireEye.

Security experts say this is merely the beginning. In the coming days, we may learn that many more companies and agencies have been compromised than we initially suspected. And we still don't know what information may have been lost or stolen.

Extraordinarily skilled attackers


Another reason to worry is that the attackers appear to have been extraordinarily skilled and determined.

"The campaign demonstrates top-tier operational tradecraft and resourcing consistent with state-sponsored threat actors," FireEye said, adding that the breaches appear to date as far back as the spring. "Each of the attacks require meticulous planning and manual interaction."

Attributing any cyberattack is hard under the best of circumstances and even more challenging when a sophisticated actor works to cover their tracks, as these did. But US officials have tentatively said that the culprit may have links to Russia.

That agents of a foreign government may have been responsible for the breaches is a worrisome sign of not only the attackers' capabilities, but also their motives. These weren't opportunistic cybercriminals indiscriminately probing whatever targets they could find in hopes of extorting their victims for a quick payday. These were highly motivated attackers who selected each of their victims for a specific purpose that remains unknown.

"If you compromise somebody's network for 6 months, there's a lot of opportunity," said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies, a security think tank. "It's an amazing coup for the Russians — really impressive."

An unusual and creative hack


A third reason for concern is the unusual and creative way the attackers carried out their operation: By disguising the initial attack within legitimate software updates issued by SolarWinds.

"SolarWinds is one of the most widely used and effective tools for network monitoring, including across federal networks and major corporations," said Jamie Barnett, a retired Navy rear admiral and senior vice president at the cybersecurity firm RigNet. "It takes a state-level cyberattack to get into the

SolarWinds updates and patches."

By piggybacking on otherwise trusted software updates, the attackers cleverly took advantage of the normal and recommended best practice of keeping software up to date. Thousands of companies and government agencies could thus have been exposed simply for doing the right thing.

That's what's so scary: It's not clear what could have been done differently in this case, because the very process meant to reassure users that "this software can be trusted" was itself compromised.

Once inside a target, the attackers waited patiently until they collected enough data on authorized users to impersonate them, allowing the hackers to move through a victim's network undetected for months, according to an analysis by the cybersecurity firm CrowdStrike.

The degree of access the hackers enjoyed, as well as the length of time they were able to collect information, may wind up making this "a much worse cyberattack than the Office of Personnel Management breach" disclosed by the US government in 2015, said Barnett. That breach, attributed to Chinese-linked hackers, resulted in the theft of vast troves of personal data on millions of federal employees and security clearance applicants.

The rising frequency and intensity of state-sponsored hacking has some security cybersecurity leaders reiterating calls for a global treaty on cyberwarfare.

"We need a set of binding rules," Microsoft president Brad Smith said at an event Tuesday held by the Ronald Reagan Foundation and Institute. "And we need a commitment by the democracies of the world to hold authoritarian regimes accountable, so they keep their hands off of civilians in this time of peace when it comes to cyberspace."

Other experts are increasingly questioning the reliance of many businesses on just a handful of third-party vendors, and saying that perhaps society makes it a little too easy for data to be accessed or shared, particularly during a pandemic when working remotely is normal for countless individuals.

"It begs the question: 'In cybersecurity, do we have a 'too big to fail' situation? And did it happen right under our noses, while we were telling everybody to spend more, to tool up, to get products?" said Payton.

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
US Tech Giants Pledge Billions to UK AI Infrastructure Following Starmer's Call
Saudi Arabia cracks down on music ‘lounges’ after conservative backlash
DeepMind and OpenAI Achieve Gold at ‘Coding Olympics’ in AI Milestone
SEC Allows Public Companies to Block Investors from Class-Action Lawsuits
Saudi Arabia Signs ‘Strategic Mutual Defence’ Pact with Pakistan, Marking First Arab State to Gain Indirect Access to Nuclear Strike Capabilities in the Region
Federal Reserve Cuts Rates by Quarter Point and Signals More to Come
Effective and Impressive Generation Z Protest: Images from the Riots in Nepal
European manufacturers against ban on polluting cars: "The industry may collapse"
Sam Altman sells the 'Wedding Estate' in Hawaii for 49 million dollars
Trump: Cancel quarterly company reports and settle for reporting once every six months
Turkish car manufacturer Togg Enters German Market with 5-Star Electric Sedan and SUV to Challenge European EV Brands
US Launches New Pilot Program to Accelerate eVTOL Air Taxi Deployment
Christian Brueckner Released from German Prison after Serving Unrelated Sentence
World’s Longest Direct Flight China Eastern to Launch 29-Hour Shanghai–Buenos Aires Direct Flight via Auckland in December
New OpenAI Study Finds Majority of ChatGPT Use Is Personal, Not Professional
Hong Kong Industry Group Calls for HK$20 Billion Support Fund to Ease Property Market Stress
Joe Biden’s Post-Presidency Speaking Fees Face Weak Demand amid Corporate Reluctance
Charlie Kirk's murder will break the left's hateful cancel tactics
Kash Patel erupts at ‘buffoon’ Sen. Adam Schiff over Russiagate: ‘You are the biggest fraud’
Homeland Security says Emmy speech ‘fanning the flames of hatred’ after Einbinder’s ‘F— ICE’ remark
Charlie Kirk’s Alleged Assassin Tyler Robinson Faces Death Penalty as Charges Formally Announced
Actor, director, environmentalist Robert Redford dies at 89
The conservative right spreads westward: a huge achievement for 'Alternative for Germany' in local elections
JD Vance Says There Is “No Unity” with Those Who Celebrate Charlie Kirk’s Killing, and he is right!
Trump sues the 'New York Times' for an astronomical sum of 15 billion dollars
Florida Hospital Welcomes Its Largest-Ever Baby: Annan, Nearly Fourteen Pounds at Birth
U.S. and Britain Poised to Finalize Over $10 Billion in High-Tech, Nuclear and Defense Deals During Trump State Visit
China Finds Nvidia Violated Antitrust Laws in Mellanox Deal, Deepens Trade Tensions with US
US Air Force Begins Modifications on Qatar-Donated Jet Amid Plans to Use It as Air Force One
Pope Leo Warns of Societal Crisis Over Mega-CEO Pay, Citing Tesla’s Proposed Trillion-Dollar Package
Poland Green-Lights NATO Deployment in Response to Major Russian Drone Incursion
Elon Musk Retakes Lead as World’s Richest After Brief Ellison Surge
U.S. and China Agree on Framework to Shift TikTok to American Ownership
London Daily Podcast: London Massive Pro Democracy Rally, Musk Support, UK Economic Data and Premier League Results Mark Eventful Weekend
This Week in AI: Meta’s Superintelligence Push, xAI’s Ten Billion-Dollar Raise, Genesis AI’s Robotics Ambitions, Microsoft Restructuring, Amazon’s Million-Robot Milestone, and Google’s AlphaGenome Update
Le Pen Tightens the Pressure on Macron as France Edges Toward Political Breakdown
Musk calls for new UK government at huge pro-democracy rally in London, but Britons have been brainwashed to obey instead of fighting for their human rights
Elon Musk responds to post calling for the murder of Erika Kirk, widow of Charlie Kirk: 'Either we fight back or they will kill us'
Czech Republic signs €1.34 billion contract for Leopard 2A8 main battle tanks with delivery from 2028
USA: Office Depot Employees Refused to Print Poster in Memory of Charlie Kirk – and Were Fired
Proposed U.S. Bill Would Allow Civil Suits Against Judges Who Release Repeat Violent Offenders
Penske Media Sues Google Over “AI Overviews,” Claiming It Uses Journalism Without Consent and Destroys Traffic
Indian Student Engineers Propose “Project REBIRTH” to Protect Aircraft from Crashes Using AI, Airbags and Smart Materials
French Debt Downgrade Piles Pressure on Macron’s New Prime Minister
US and UK Near Tech, Nuclear and Whisky Deals Ahead of Trump Trip
One in Three Europeans Now Uses TikTok, According to the Chinese Tech Giant
Could AI Nursing Robots Help Healthcare Staffing Shortages?
NATO Deploys ‘Eastern Sentry’ After Russian Drones Violate Polish Airspace
Anesthesiologist Left Operation Mid-Surgery to Have Sex with Nurse
Tens of Thousands of Young Chinese Get Up Every Morning and Go to Work Where They Do Nothing
×