CISA officials said at a Senate hearing today that a suspected state-sponsored hacking group tried to breach the network of the Port of Houston, a major US port authority, using a zero-day vulnerability in a user authentication unit. Port officials successfully repelled the attack, and “the attempted breach has not affected operational data or systems.”
The investigation into the attack culminated in a joint alert issued on 16 September by CISA, the FBI and the Coast Guard, warning US companies of attacks by a state-sponsored hacking group exploiting a Zoho zero-day.
The zero-day attacks were carried out in late August, according to Matt Dahl, principal intelligence analyst at CrowdStrike. Zoho fixed the vulnerability (CVE-2021-40539) on September 8, the same day CISA issued its initial warning about ongoing attacks.
CISA officials said the attack on the Port of Houston has not yet been attributed to a specific hacking group or foreign government. CISA Director Jen Easterly told the Senate Homeland Security and Governmental Affairs Committee today that “attribution of the danger may always be complicated by being able to say definitively who this threat actor is.”
“The most advanced threat actors are certainly able to conceal their tracks and obscure their existence in order to survive in networks for extended periods and be able to extract the information, as we witnessed with SolarWinds.
“We are, however, working very closely with our interagency partners and the information community to improve understanding of this threat actor so that we are capable, as well as of protecting systems, of holding those actors ultimately accountable,” said the CISA director, who characterized the attackers as a “national actor” in reply to a subsequent question.