Emails from the U.S. Treasury and Commerce departments have been spied on by hackers believed to be working for Russia, Reuters reported Sunday.
The Commerce Department confirmed in a statement that there was a breach, according to Reuters. The FBI and the Cybersecurity and Infrastructure Security Agency have been asked to investigate the incident.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesperson John Ullyot said in a statement, according to a New York Times (NYT) report.
Three people familiar with the matter said that Russia is believed to be responsible for the hacking, although the U.S. government has not confirmed that. The breach is related to a recent hack on U.S. cybersecurity company FireEye, two of the people told Reuters.
Russia denied any involvement, calling the allegations an “unfounded” attempt by the media to blame Russia for hacks on the United States government.
“Malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations,” the Russian embassy said in a statement, according to NYT. “Russia does not conduct offensive operations in the cyber domain.”
Officials warned that the email breach could be just the beginning of a large-scale cyber attack. The investigation is still in its early stages, and the full scope of the attack is not yet clear, three people familiar with the matter told Reuters.
“This is a much bigger story than one single agency,” a person familiar with the matter told Reuters. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.”
The hackers were able to gain access through a “supply chain attack,” in which malicious code is embedded into legitimate software updates. The updates that were tampered with were released by IT company SolarWinds, which serves customers from the executive branch, the military and intelligence services, two people familiar with the matter said, according to Reuters.
SolarWinds said in a tweet Sunday night that all customers should “immediately” upgrade their software “to address a security vulnerability.”
SolarWinds asks all customers to upgrade immediately to Orion Platform version 2020.2.1 HF 1 to address a security vulnerability. More information is available at https://t.co/scsUhZJCk8
— SolarWinds (@solarwinds) December 14, 2020
“SolarWinds has just been made aware our systems experienced a highly sophisticated, manual supply chain attack” on software that was released between March and June 2020, the company said in a statement. “We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”
Four people briefed on the matter said that the U.S. intelligence community expressed concerns that other government agencies are at risk because SolarWinds has a diverse customer base, Reuters reported.
Staff emails at the National Telecommunications and Information Administration (NTIA) were monitored for months after “highly sophisticated” hackers broke into the agency’s office software, Microsoft’s Office 365, sources told Reuters. The compromise was recently discovered but some evidence suggests that the breach dates back to the summer, a senior U.S. official said.
The Cybersecurity and Infrastructure Security Agency (CISA) has been “working closely with our agency partners regarding recently discovered activity on government networks,” a spokesperson said, according to the report. “CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”