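05 US hit by a serious cyber attack
US cyber officials warn that a major cyber attack discovered this week is still continuing and poses a “grave risk” to the US government, critical infrastructure and private sector.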
Full text: 754 words, by Hannah Murphy in San Francisco
US cyber officials warned that a major cyber attack unearthed this week was still continuing and posed a “grave risk” to the government, critical infrastructure and private sector.
The update on the SolarWinds hack is the first time the US has confirmed the scale of the attack and the difficulty involved in finding and removing perpetrators from secure networks.
Thousands of businesses and government agencies may have been exposed after downloading compromised software from SolarWinds, a Texas-based IT group.
But the Cybersecurity and Infrastructure Security Agency said on Thursday that the hackers had gained access to systems using other means than the SolarWinds software.
Cisa said the hackers had “demonstrated sophistication and complex tradecraft in these intrusions” and that it would be “highly complex and challenging” to remove the hackers from compromised systems.
The agency cited a report published by cyber group Volexity detailing attacks by the same hackers against an unnamed US think-tank, including one that used new methods to bypass multi-factor authentication security.
It added that it had “evidence” of “access vectors, other than the SolarWinds Orion platform” which were being investigated.
FireEye, SolarWinds and some US officials have blamed “nation-state” hackers for the breach, which first came to light at the end of last week. Cyber security experts, plus several politicians, have singled out Russian intelligence as the culprit, although Russia has strongly denied any involvement.
“Today’s classified briefing on Russia’s cyber attack left me deeply alarmed, in fact downright scared,” Richard Blumenthal, Democratic senator from Connecticut, wrote on Twitter on Wednesday. “Americans deserve to know what’s going on. Declassify what’s known & unknown.”
President-elect Joe Biden said in a statement that he had been briefed by US government officials on the attack and vowed to impose “substantial cost” on adversaries who penetrate US computer systems.
“We need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place,” Mr Biden said. “Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation.”
The agency also confirmed reports that, once inside a victim’s networks, the hackers were able to pose as other accounts and gain privileged access to certain systems, such as email services, travel services and file storage services.
In particular, it said it had seen “adversaries targeting email accounts belonging to key personnel, including IT and incident-response personnel”.
As a result, it warned that “discussion of findings and mitigations should be considered very sensitive, and should be protected by operational security measures”. It recommended that victims communicate via other channels that have not been exposed in any way.
FireEye said on Wednesday it had identified a kill switch that could stop the attackers from continuing to lurk inside networks in some cases.