Today's D Brief: Feds scramble amid biggest hack in years; COVID vaccine arrives; NDAA passes over veto threat; Electors vote today; And a bit more.

The U.S. government was hit with a seemingly new kind of cyber attack (or "intrusion") that gave hackers access to sensitive email systems possibly as early as March. The attack was only discovered this weekend, according to Reuters, whose cybersecurity reporter Chris Bing broke the story Sunday afternoon. And its discovery was “so serious it led to a National Security Council meeting at the White House on Saturday,” Bing reports. 

Rewind: You may remember last week the cybersecurity firm FireEye announced that it had been hacked by an unknown “nation-state.” The new discovery of these federal-level breaches is the result of FireEye’s post-attack forensics, which you can read in full, here.

Known targets (so far) include the U.S. Treasury and Commerce Departments, according to the Wall Street Journal. Those targets appear to have been hit thanks to a malicious software update apparently secretly injected into Orion technology management software products from the Austin-based network-management firm SolarWinds. The New York Times described it as “one of the most sophisticated and perhaps largest hacks in more than five years.” 

In other words, this appears to be a potentially wide-scale “supply chain hack,” a kind of operation that is quite difficult and can require many months of planning and long-game strategizing to align the right personnel and skill sets for just the right opportunity. And it’s all very serious because by noon today, every federal agency that uses SolarWinds products must shut them down — and submit a “completion report” to the Department of Homeland Security.

Atop the list of likely culprits: Russia’s foreign-intelligence service, according to the Journal. “Hackers believed to be working for Russia” is how Reuters describes the suspects. “[A]lmost certainly a Russian intelligence agency,” the Times reports. (For the record, Russia’s foreign ministry says the allegations are unsubstantiated. More from Russian state-sponsored media, here.)

SolarWinds says its customers include all five branches of the U.S. military, the Pentagon, State Department, NASA, NSA, the Postal Service, NOAA, the Department of Justice, and the Office of the President of the United States. They also serve more than 400 of Fortune’s top 500 companies, including Lockheed Martin, as well as “All five of the top five US accounting firms,” “All ten of the top ten US telecommunications companies,” and “Hundreds of universities and colleges worldwide.”

"This is a much bigger story than one single agency," one person familiar with the matter told Reuters. "This is a huge cyber espionage campaign targeting the U.S. government and its interests."

On the bright side, FireEye officials told the Journal “the attacks weren’t like a worm that automatically attacks different systems and that, instead, each individual attempted intrusion required ‘meticulous planning and manual interaction.’”

What now? Every single federal civilian agency needs “to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately,” the Cybersecurity and Infrastructure Security Agency said in an emergency alert Sunday evening. Meanwhile, multiple federal agencies are investigating. And that includes the FBI and FireEye. 

Don’t be surprised if that target list grows substantially — beyond the Treasury and Commerce departments — over the next several days, prominent infosec specialists Dmitri Alperovitch and Jake Williams told the Associated Press. More here.

For your ears only: Go back in time to review the history of cyberwarfare with the last episode in our three-part podcast series from the summer of 2019. In it you’ll learn, at least in part, how Alperovitch’s own professional history parallels some of Russia and China’s biggest and most impactful hacks in the 21st century. Grab your headphones and start listening here.


From Defense One

US Embassies Were Hit with High-Power Microwaves. Here’s How That Works // Edl Schamiloglu, The Conversation: A National Academies report sheds some light on the mysterious ailments that have afflicted U.S. personnel in several countries for several years.

Train Troops to Use Social Media More Effectively // Madison Sargeant: It’s a tool, like any other. We may as well know how to use it.

The Pentagon Is Ill-Organized to Improve Its Use of Electromagnetic Spectrum, GAO Says // Patrick Tucker: Old ways and means are quickly becoming obsolete — but spectrum issues remain everyone’s second job.

This Is Only Going to Get Worse // The COVID Tracking Project, The Atlantic: The United States is entering a long, dark period, and the pandemic is already breaking records from the spring.

Welcome to this Monday edition of The D Brief from Ben Watson with Bradley Peniston. Send us tips from your community right here. And if you’re not already subscribed to The D Brief, you can do that here.


The COVID vaccine has arrived in New York, and the first vaccinations are expected to take place later today — the same day the U.S. is set to pass 300,000 deaths, the New York Times reports.
In context: Here's AP, on the historical significance of this week's developments: “The rollout of the Pfizer vaccine, the first to be approved by the Food and Drug Administration, ushers in the biggest vaccination effort in U.S. history — one that health officials hope the American public will embrace, even as some have voiced initial skepticism or worry. Shots are expected to be given to health care workers and nursing home residents beginning Monday.” More, here.
WH reversal: The White House planned to vaccinate staffers with the first tranche of shots, even sending a spokesperson for the National Security Council to defend the decision in a media appearance on Sunday. Hours later, President Trump tweeted that he would delay some of those vaccinations. More to all that, here.
Idaho’s Republican governor just added 150 National Guard troops to the 100 he already requested to help with Covid-19 testing, decontamination and screening. AP has more from Boise, here.

The Senate passed its annual defense authorization bill, which POTUS45 says he wants to veto for two reasons — it will change the name of bases bearing Confederate officer names, and it does not include a measure restricting social media companies in a way Trump wants. But the bill passed on Friday with a veto-proof majority, 84-13.
On Sunday, Trump offered a third reason he will veto the $741 billion bill: “The biggest winner of our new defense bill is China! I will veto!” Trump tweeted. However, Politico reported Friday, “Congressional leaders have telegraphed that they’ll likely be able to muster enough votes to overturn Trump’s veto, though some Republicans could side with Trump on an override vote.” More here.

The Electoral College votes today to confirm President-elect Joe Biden’s victory over President Donald Trump. Today’s voting is a procedural move that, in an ordinary election year, most Americans wouldn’t pay much attention to; but this year, thanks to what the New York Times calls “the president’s theater of grievance and denial,” these procedural formalities take on heightened importance.
In Michigan, “credible threats of violence” have prompted officials to close state Senate and House offices while the state’s electors vote today, the Washington Post reported Sunday evening.
Trump’s recently Covid-infected lawyer Rudy Giuliani says he has “four or five” more lawsuits planned this week at the state level. Giuliani was speaking to Newsmax after the Supreme Court on Friday rejected Texas and Trump’s unprecedented GOP-backed request to overturn the election by tossing out some 20 million votes in four other states.
The big problem with Texas’s request, according to the short decision (PDF) released Friday by SCOTUS: The state had no legal standing. Or, as the decision reads, “Texas has not demonstrated a judicially cognizable interest in the manner in which another State conducts its elections.” Read more on the decision from the Wall Street Journal, here.
What happens now to the reputations of folks like House Republican Leader Kevin McCarthy, Minority Whip Steve Scalise of Louisiana, Rep. Rob Wittman of Virginia, and the 123 other House GOPers who signed on to the Texas lawsuit in a letter made public last week? Here’s Politico reporting Friday on why Republican senators are treating the Texas suit very differently from their House colleagues. 

Lastly: President-elect Biden plans to address the nation this evening. His remarks will, in part, include a message for defiant Republicans in the hopes that they will “accept Trump’s defeat and focus their attention on fighting the coronavirus pandemic and staving off economic tumult,” AP reports in a preview.