Suspected Russian hackers spied on US agencies

15 December, 2020
Hackers thought to be working for Russia have been monitoring internal email traffic at the US Treasury Department and a company that decides internet and telecommunications policy, according to people familiar with the matter.

There is concern within the US intelligence community that the hackers who targeted Treasury and the Commerce Department's National Telecommunications and Information Administration used the same tool to break into other government agencies, according to four people briefed on the matter.

The people didn't say which other agencies, but late Sunday (Dec 13) Austin, Texas-based IT company SolarWinds said software updates it released in March and June of this year might have been surreptitiously tampered with in a "highly sophisticated, targeted and manual supply chain attack by a nation state".

SolarWinds stopped short of saying the hack at Treasury occurred via the company, but two of the people familiar with the investigation said the company was believed to be the channel through which the hackers got in.

A representative for SolarWinds did not immediately return messages seeking comment.

SolarWinds says on its website that its customers include almost all of America's Fortune 500 companies, all top U.S. telecommunications providers, all five branches of the U.S. military, the State Department, the National Security Agency, and the Office of the President of the United States.

Three of the people familiar with the investigation said Russia is believed to be behind the attack.

Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a significant U.S. cybersecurity company with government and commercial contracts.

"The United States government is aware of these studies and we are choosing all necessary steps to recognize and solve any possible issues linked to this example," said National Security Council spokesman John Ullyot.

The hack is so serious that it resulted in a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

The Commerce Department confirmed in a statement that there was a breach at one of its agencies. "We've asked the Cybersecurity and Infrastructure Security Agency and the FBI to research, and we cannot comment further at the moment."

"HUGE CYBER ESPIONAGE CAMPAIGN"

The breach presents a significant challenge to the incoming administration of President-elect Joe Biden as officials investigate what information was stolen and try to ascertain what it will be used for. It is not uncommon for large-scale cyber investigations to take months or years to complete.

"This is a much bigger story than one single agency," said one of the people familiar with the matter. "This is an enormous cyber espionage campaign targeting the U.S. government and its own interests."

Hackers broke into the NTIA's office software, Microsoft's Office 365. Staff emails at the agency had been monitored by the hackers for months, sources stated.

A Microsoft spokesperson did not immediately respond to a request for comment. Neither did a spokesman for the Treasury Department.

The hackers are "highly sophisticated" and have been able to trick the Microsoft platform's authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press.

"This is a good nation state," said a different person briefed on the matter.

The full scope of the breach is unclear. The investigation is still in its first stages and involves a variety of federal agencies, including the FBI, according to three of the people familiar with the matter.

A spokesperson for the Cybersecurity and Infrastructure Security Agency said they have been "working closely with our agency partners regarding recently learned activity on government networks. CISA offers technical assistance to damaged entities as they work to identify and mitigate any potential compromises."

The FBI and U.S. National Security Agency did not immediately respond to a request for comment.

There are indications that the email compromise at NTIA dates back to this summer, though it was only recently discovered, according to a senior U.S. official.
Source: www.channelnewsasia.com