U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia
14 December 2020
Multiple federal government agencies, including the U.S. Treasury and Commerce departments, have had some of their computer systems breached as part of a widespread cyber espionage campaign believed to be the work of the Russian government, according to officials and people familiar with the matter, APA reports citing The WSJ.
Russia’s foreign intelligence service is suspected of being behind the hacks of the U.S. government networks—in which some internal communications are believed to have been stolen—and the operation is related to a cyber breach disclosed last week of U.S.-based cybersecurity firm FireEye, one of the people familiar with the matter said.
The person added that several government agencies in total have likely been compromised.
The hacking operation exposed hundreds of thousands of government and corporate networks to potential risk and alarmed national security officials in the Trump administration as well as executives at FireEye, some of whom view it as more significant than a routine case of foreign cyber espionage, people familiar with the matter said.
While those familiar with the hack couldn’t precisely specify its scope or the resulting damage to the U.S. government, several described it as among the most potentially worrisome cyberattacks in years, as it may have allowed Russia to access sensitive information from government agencies, defense contractors and other industries.
The Commerce Department in a statement confirmed that one of its bureaus had been breached and that it was working with federal partners, including the Federal Bureau of Investigation, to probe the matter, but declined to comment further. The hack of Commerce systems includes the National Telecommunications and Information Administration, a unit that works on technology policy issues, the person familiar with the matter said.
The Treasury Department and FBI didn’t immediately respond to requests for comment, nor did a spokesman for FireEye.
A spokesman for Russia’s embassy in Washington didn’t immediately respond to a request for comment. The country previously has denied engaging in cyberattacks against the U.S. government.
“We have been working closely with our agency partners regarding recently discovered activity on government networks,” said a spokeswoman for the Cybersecurity and Infrastructure Security Agency, a Department of Homeland Security agency that helps government and businesses address cyberattacks. “CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
The hackers were able to infiltrate the systems of government agencies as well as FireEye through a vulnerability in a product from SolarWinds Inc., a U.S. network management company, the person familiar with the matter said.
The apparent use of a flaw in SolarWinds technology could be problematic, as the company says it has over 300,000 customers world-wide, including more than 400 of the U.S. Fortune 500 companies.
Based in Austin, Texas, SolarWinds Worldwide LLC employs more than 3,200 people and counts Booz Allen Hamilton, the Secret Service, the Defense Department, the Federal Reserve Bank, Lockheed Martin Corp. and PricewaterhouseCoopers LLP among its customers, according to the SolarWinds website.
A SolarWinds spokesman said the company was aware of a potential vulnerability related to updates of its Orion technology management software that were released between March and June of this year.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” the spokesman said in an email. The company is working with FireEye, the intelligence community and law enforcement on an investigation, he said.
Sophisticated hackers increasingly have sought to rely on so-called supply-chain attacks where they can harness a vulnerability in a common product or service used widely across the internet to rapidly hack scores of victims before the compromises are detected.
Reuters reported earlier Sunday that the Treasury and Commerce agencies had been hacked by a group supported by a foreign government. The hacks prompted an emergency weekend meeting of the White House National Security Council on Saturday, according to Reuters.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” NSC spokesman John Ullyot said.
FireEye said last week that it was hacked in what it said was a highly sophisticated foreign-government attack that compromised its software tools used to test the defenses of its thousands of customers.
That announcement was met with concern in cybersecurity and intelligence circles, in part because FireEye services several businesses and government agencies that work in national security fields, and a compromise of their systems potentially could be leveraged by hackers to more easily break into the systems of FireEye’s customers.
Russia’s foreign intelligence service, known as the SVR, was seen as the leading suspect of the FireEye breach, the Journal reported. Hackers linked to that Russian group have previously been blamed for hacks on government agencies during the Obama administration.
FireEye was expected to have a call with its customers on Sunday evening to discuss the breach and its impact, a person familiar with the matter said.