NCSC investigate whether UK was impacted by cyberattack on US agencies

Security services are currently investigating whether a major cyber attack targeting US government agencies has had any impact on the UK.

Experts suspect that Russian hackers are behind the incident which affected a server software called SolarWinds Orion, used by organisations across the world, including US Treasury and Commerce departments, and thought to be linked to an earlier cyberespionage campaign against cybersecurity firm FireEye.

According to the US Cybersecurity and Infrastructure Security Agency (CISA), the vulnerability allowed an attacker to gain access to network traffic management systems with a “high potential for a compromise of agency information systems”.

The Embassy of Russia in the USA called reports of the country’s involvement “unfounded attempts of the US media to blame Russia for hacker attacks on US governmental bodies”.

In the UK, the National Cyber Security Centre (NCSC), part of GCHQ, said it is “working closely with FireEye and international partners” to understand any ramifications across the Atlantic.

“Investigations are ongoing and we are working extensively with partners and stakeholders to assess any UK impact,” a spokesman said.

“The NCSC recommends that organisations read FireEye’s update on their investigation and follow the company’s suggested security mitigations.”

Speaking about the situation at a Chatham House event on Monday, GCHQ director Jeremy Fleming said both cases are “very serious”.

“We are working at pace with US partners in government and in the private sector to understand what this means,” he said.

“I haven’t seen any news as yet on the extent to which any customers of FireEye – or the particular instances which have affected US government – have been affected here and have had an impact here in the UK, but obviously we’ll continue to work very closely with them and if we do we’ll work very quickly to make sure that the most up-to-date advice is out there. “