(单词翻译:单击)
听力文本
Governments, Companies Worldwide Hit in Major Cyberattack
A major cyberattack launched earlier this year has reportedly affected governments and corporations worldwide.
Agencies and companies sought to secure their computer networks after the United States and other nations confirmed that a widely used network software program had been hacked. The software is a network management system called SolarWinds.
SolarWinds is an American company that provides network and technical support services to hundreds of thousands of organizations worldwide. Users of its software products include most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East. In the U.S., users include the military, the State Department and the White House.
The incident led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a rare "emergency directive." The directive states that a "compromise of (SolarWind products) poses unacceptable risks to the security of federal networks."
CISA said the directive was issued so that government agencies and private companies could investigate possible hacking of their organizations and take steps to secure their computer networks.
The national cybersecurity agencies of Britain and Ireland issued similar warnings.
The hack is believed to have started as early as March. Experts say the attackers were able to secretly add computer code designed to steal information from network systems.
The attack was discovered after cybersecurity company FireEye confirmed that it was a victim of hacking. FireEye made that attack public earlier this month. While investigating its own hacking, it found that the attack was extremely widespread.
A FireEye vice president, Charles Carmakal, said the company was aware of many "high-value targets that have been compromised." The company said it was attempting to help a number of organizations deal with possible attacks. Carmakal said he expects many more organizations to learn in the coming days that they, too, were hacked.
U.S. officials said Sunday that federal agencies — including the Treasury and Commerce departments — were affected by the attack. The officials provided few details.
Hackers' identity unknown
The identity of the hackers remains unclear.
SolarWinds said it was advised that an "outside nation state" had attacked its systems. Neither the U.S. government nor the affected companies have publicly said which nation state they think is responsible.
One U.S. government official told The Associated Press Monday that Russian hackers are suspected. The official wanted to remain unnamed because of an ongoing investigation.
Unnamed sources told The Washington Post the attack is believed to have been carried out by Russian government hackers. The attackers — identified as APT29 or Cozy Bear — are thought to be part of Russia's foreign intelligence service.
In Moscow, a government spokesman rejected the idea that Russia was involved in the hacking.
Suzanne Spaulding is a former U.S. cybersecurity official who is now an adviser at the Washington-based Center for Strategic and International Studies. She told the AP the cyberattack is "a reminder that offense is easier than defense and we still have a lot of work to do."
Ben Buchanan is an expert on cyberattacks at Georgetown University in Washington D.C. He wrote the book "The Hacker and The State." Buchanan called the hacking incident "impressive, surprising and alarming."
Neither SolarWinds nor U.S. cybersecurity officials have publicly identified which organizations were affected. Experts say that just because a company or agency uses a SolarWinds product does not necessarily mean they were hacked. The code placed by the attackers is thought to have been added at the same time as a new software version was released by SolarWinds between March and June.
I'm Bryan Lynn.
重点解析
重点讲解:
1. be aware of 注意到的;察觉到的;意识到的;
We are fully aware of the dangers.
我们充分意识到危险。
2. attempt to do sth. 尝试,试图(尤指做困难的事);
Our research attempts to evaluate the effectiveness of the different drugs.
我们的研究试图对不同药物的疗效进行评估。
3. neither...nor... 既不…(也不…);
Neither Anna nor I are interested in high finance.
安娜和我对巨额融资都不感兴趣。
4. be involved in 卷入的;参与的;与…有密切关联的;
He was rumoured to be involved in the crime.
有传言说他卷入了这桩罪行。
参考译文
全球政府和企业遭受严重网络攻击
据报道,今年早些时候发起的一起大型网络攻击影响到了世界各国政府和企业。
在美国和其他国家证实一个广泛使用的网络软件程序遭到黑客攻击后,各机构和公司寻求保护其计算机网络。该软件是一个名为“太阳风”(SolarWinds)的网络管理系统。
太阳风是一家为全球数十万组织提供网络和技术支持服务的美国公司。其软件产品的用户包括大多数财富500强公司和以及北美、欧洲、亚洲和中东地区的政府机构。其美国用户包括军方、国务院和白宫。
这一事件导致美国网络安全和基础设施安全局(简称CISA)发布了罕见的“紧急指令”。该指令指出,“太阳风产品的漏洞给联邦网络的安全带来了不可接受的风险。”
美国网络安全和基础设施安全局表示,发布这一指令是为了让政府机构和私营企业能够调查他们可能遭受的黑客攻击,并采取措施保护其计算机网络。
英国和爱尔兰的国家网络安全机构也发出了类似的警告。
据信,这起黑客攻击早在3月份就开始了。专家表示,攻击者能够秘密地添加计算机代码来窃取网络系统中的信息。
网络安全公司“火眼”(FireEye)证实自己是黑客攻击的受害者后,这起攻击才被发现。火眼在本月早些时候公开了这次攻击。该公司在调查自已被黑客攻击时发现,这起攻击极为广泛。
火眼公司副总裁查尔斯·卡马克表示,公司意识到许多“高价值目标已被破坏”。该公司表示,其正试图帮助一些组织应对可能的攻击。卡马克表示,他预计未来几天会有更多组织发现自已也遭到了黑客攻击。
美国官员周日表示,包括财政部和商务部在内的联邦机构受到了这次攻击的影响。官员并未提供太多细节。
黑客身份不明
黑客的身份仍不清楚。
太阳风公司表示,他们被告知“外部国家”攻击了其系统。美国政府和受影响企业都未公开表示他们认为哪个国家应对此负责。
一名美国政府官员周一对美联社表示,他们怀疑是俄罗斯黑客所为。由于调查仍在进行,这名官员不愿透露姓名。
未透露姓名的消息人士对《华盛顿邮报》表示,据信这次袭击由俄罗斯政府黑客发动。来自ATP29或“舒适熊”组织的攻击者被认为是俄罗斯对外情报部门的一部分。
在莫斯科,一名政府发言人否认了俄罗斯参与了这起黑客攻击。
苏珊娜·斯波尔丁是前美国网络安全官员,现为总部位于华盛顿的战略与国际研究中心的顾问。她对美联社表示,这起网络攻击“提醒我们,进攻比防御容易,我们还有很多工作要做。”
本·布坎南是华盛顿乔治敦大学的网络攻击专家,他著有《黑客与国家》一书。布坎南称这起黑客袭击事件“令人印象深刻,且令人惊讶和震惊。”
太阳风公司和美国网络安全官员都未公开确定哪些组织受到了影响。专家表示,不能仅因为企业或机构使用了太阳风公司的产品,就认定他们遭遇了黑客攻击。攻击者放置的代码被认为是在太阳风公司今年3月至6月发布新软件版本时植入。
布莱恩·林恩报道。
译文为可可英语翻译,未经授权请勿转载!
