Target 12 on WPRI.com

RI so far not affected by global cyberattack tied to Russia, officials say

Target 12

(AP Photo/Matt Rourke, File)

PROVIDENCE, R.I. (WPRI) — Rhode Island officials report computer systems across multiple state agencies have not been compromised as part of the global hack tied to Russia.

The hack — already being described as the “most consequential cyberespionage campaign in history” — targeted the IT management company SolarWinds, which claims to serve thousands of clients, including businesses and governments across the United States.

Rhode Island does not appear to be one of them, according to multiple state officials.

The R.I. Division of Information Technology “does not leverage SolarWinds Orion on our network and we have experienced no impact as a result of the malware,” spokesperson Robert Dulski wrote in an email.

The division, under the umbrella of the R.I. Department of Administration, serves the state’s executive branch, comprising most agencies under Gov. Gina Raimondo.

R.I. House of Representatives spokesperson Larry Berman said the General Assembly “had no issues.” R.I. Secretary of State Nellie Gorbea spokesperson Nick Domings likewise said the State Department does not use any products of SolarWinds or FireEye. The latter — a cyber security firm that was working with SolarWinds — alerted U.S. officials about the hack after discovering it last week.

R.I. Office of General Treasurer spokesperson Rosie Hilmer said her office wasn’t affected, but continues to monitor its systems.

“While the Office of the General Treasurer was not impacted by this latest event, we are constantly monitoring our systems and working with our state partners to be alert to the latest threats and prepared to respond as necessary,” Hilmer wrote in an email.

SolarWinds issued a statement last week, describing the hack as “highly sophisticated.”

“The attacks on our systems were incredibly complex, and it will take some time for our investigative work to be complete,” officials wrote in a regulatory filing.

Federal officials, including Secretary of State Mike Pompeo, suspect Russian government hackers are behind the attack, which appears to have started since as far back at March. Russia has denied involvement and President Donald Trump downplayed the country’s involvement over the weekend, tweeting, “everything is well under control.”

President-elect Joe Biden has criticized the attack and indicated he will take action against those behind it after taking office next month.

“Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation,” Biden said in a statement last week.

The hackers reportedly breached the IT systems of multiple federal agencies, including Commerce, Defense, Homeland Security, State, Treasury and the part of the Energy Department that oversees the country’s nuclear weapons.

For Rhode Island, not being a SolarWind customer is good news. But what other fallout might come from the attack remains unclear. Through SolarWind, hackers breached other computer systems, including Microsoft, according to a report by Reuters, raising concerns among cybersecurity experts about the breadth of the attack.

“Microsoft isn’t just in a couple or even tens of thousands of places, it’s in millions of places,” Columbia University’s Jason Healey told Vox. “The absolute worst case is if they were able to do to Microsoft what they did to SolarWinds, and when we use Microsoft email, we have accepted Russian code. Potentially, then, everybody who’s using Microsoft 365 was compromised.”

Microsoft released a statement, saying it has “not found evidence of access to production services or customer data,” but that it’s investigations are ongoing.

“Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,” company officials said.

Microsoft President Brad Smith also wrote a blog post on the company’s website, saying in part that the attack provides a “moment of reckoning.”

“This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms,” Smith wrote. “It illuminates the ways the cybersecurity landscape continues to evolve and become even more dangerous.

In Rhode Island, Dulski said the IT division has already taken steps toward protect the state’s systems against what’s known about the hackers so far.

“DoIT has leveraged our cyber intelligence sources to obtain the known malicious IP’s to block those as well,” he said.

Eli Sherman (esherman@wpri.com) is a Target 12 investigative reporter for WPRI 12. Follow him on Twitter and on Facebook.

Copyright 2021 Nexstar Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.

Providence

Download Mobile Apps from WPRI 12
DOWNLOAD APPS NOW: Apple App Store | Google Play Store

12 on 12 - Cold Case Cards: All In

More Cold Case Cards All In
Watch 12 on 12: The Mafia Tapes - Only on WPRI.com
PINPOINT WEATHER // Quick Links:

Your Local Election HQ

Dan Yorke State of Mind: Dan's Daily Update

DYSOM 2/19/21: Richard Arenberg and Joseph Cammarano

More Dan Yorke State of Mind

Don't Miss

Viewer Pa on WPRI.com

LIVE CAMS on WPRI.com

More Live Cams

Community Events & Happenings

More Community