CISA officials reported on 23 September that a suspected government-backed hacking group had tried to breach the networks of the Port of Houston, one of the major port agencies in the United States, by exploiting zero-day vulnerabilities in a Zoho user authentication device.
Authorities at the Port said they fought off the attack effectively, adding that no operational data or systems were affected by the attempted breach.
An investigation into the attack led to a joint advisory issued on 16 September by CISA, the FBI, and the Coast Guard, alerting American organizations to cyberattacks by a nation-state hacking group using the Zoho zero-day.
According to Matt Dahl, Principal Intelligence Analyst at the security firm CrowdStrike, the zero-day was used mostly in cyberattacks in late August. Zoho fixed the vulnerability (CVE-2021-40539) on 8 September, whereupon CISA also sent its first warning about the ongoing attacks.
CISA officials said they have not yet attributed the attack on the Port of Houston to a specific hacking organization or foreign government.
Port Houston is the nation’s largest port by waterborne tonnage and a vital economic powerhouse for the Houston area, the State of Texas, and the United States. It has held and managed public wharves and terminals along with the Houston Ship Channel for over 100 years. More than 200 private terminals and eight public terminals, along with the federal waterway, support nearly 1.35 million jobs in Texas and 3.2 million jobs nationally, and account for $339 billion in economic activity in Texas (20.6% of Texas’ total gross domestic product, or GDP), with economic impacts totaling $801.9 billion across the country.
“[A]ttribution can always be complicated in terms of being able to dispositively say who that threat actor is,” CISA Director Jen Easterly told senators in a meeting of the Senate Homeland Security and Governmental Affairs Committee.
“But we are working very closely with our interagency partners and the intelligence community to better understand this threat actor so that we can ensure that we are not only able to protect systems, but ultimately to be able to hold these actors accountable,” added the CISA Director, who characterized the attackers as a “nation-state actor” in answer to a subsequent question.
Port of Houston officials did not respond to a request for further details about the attack.