U.S. officials have not said much publicly beyond the Commerce Department confirming there was a breach at one of its agencies and that they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties. Staff emails at the agency were monitored by the hackers for months, sources said. A spokesperson for the Cybersecurity and Infrastructure Security Agency said they have been “working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”The FBI and U.S. National Security Agency did not respond to a request for comment.

Source: Standard Digital December 14, 2020 07:18 UTC