Cyberattacks Target NASA, FAA, and Other U.S. Entities

Reports indicate that networks belonging to the National Aeronautics and Space Administration (NASA) and the Federal Aviation Administration (FAA) have been compromised. This breach is part of a broader espionage operation aimed at both U.S. governmental bodies and private sector organizations.

Details of the Breach

The Washington Post disclosed the involvement of NASA and the FAA on Tuesday. This announcement preceded a Senate Intelligence Committee hearing convened to investigate the extensive cyberattack. The previous administration attributed the attack to actors “likely Russian in origin.”

A NASA representative acknowledged the report but refrained from providing further details due to an “ongoing investigation.” Similarly, the FAA did not offer a response to inquiries regarding the matter.

Scope of the Attack

It is understood that NASA and the FAA represent the final two previously unidentified agencies affected by the attack. A total of nine government agencies have now been confirmed as victims.

The other seven agencies impacted include the Departments of Commerce, Energy, Homeland Security, Justice, and State, as well as the Treasury and the National Institutes of Health. However, it is not believed that the attackers gained access to classified networks within these organizations.

Cybersecurity firms such as FireEye, Microsoft, and Malwarebytes were also among those breached during these attacks.

Potential Response

The Biden administration is reportedly formulating sanctions against Russia. This action is largely a consequence of the identified hacking campaign.

Attack Methodology

The attacks were initially detected last year when FireEye alerted authorities to the campaign after experiencing a breach of its own network. Victims were customers of SolarWinds, a U.S. software company.

SolarWinds’ network management tools are widely utilized throughout the federal government and by Fortune 500 companies. Hackers infiltrated SolarWinds’ network, introducing a backdoor into their software.

This backdoor was then disseminated to customer networks via a compromised software update.

However, this wasn't the sole entry point. The attackers also reportedly targeted other companies by exploiting vulnerabilities in devices and appliances connected to victim networks.

Furthermore, they targeted vendors associated with Microsoft to gain access to additional customer networks.

Ongoing Investigation

Anne Neuberger, recently appointed as the deputy national security adviser for cyber and emerging technology, stated that the attack required “months to plan and execute.”

She also emphasized that a comprehensive understanding of the attack’s full extent will “take us some time to uncover this layer by layer.”