According to the news agency Reuters, via Reddit, hackers believed to be working for Russia have been targeting the U.S. Treasury and the Commerce Department’s National Telecommunications and Information Administration by monitoring internal email traffic for months.
The Commerce Department confirmed in a statement the breach at one of its agencies: “We have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate, and we cannot comment further at this time.”
U.S. officials have not commented publicly on the hack beyond the initial confirmation by the Commerce Department, but according to a source familiar with the matter, the breach prompted the National Security Council to hold a meeting on Saturday at the White House, with National Security Council spokesman John Ullyot assuring that “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation.”
While the U.S. government has not identified the people behind the hacking – at least not publicly – three sources familiar with the ongoing investigation have confirmed that Russia is the prime suspect in the attack, with the Russian foreign ministry denying the allegations in a Facebook post:
“We paid attention to another unfounded attempt of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies.
We declare responsibly: malicious activities in the information space contradict the principles of the Russian foreign policy, national interests, and our understanding of interstate relations. Russia does not conduct offensive operations in the cyber domain.
What is more, the Russian Federation actively promotes bilateral and multilateral cybersecurity agreements. In this regard, we would like to remind our American colleagues of the initiative put forward by President Vladimir Putin on September 25 on a comprehensive program of measures to restore Russia-U.S. cooperation in the field of international information security.
We have received no reply from Washington. Many of our other suggestions to start a constructive and equal dialogue with the U.S. remain unanswered.”
The method believed to have been used by the hackers is called a “supply chain attack” and involves infiltrating a system through an outside partner or provider that has access to the respective system or data.
In this case, legitimate software updates released by the IT company SolarWinds were tampered with so that malicious code was hidden inside them.
SolarWinds Inc. is an American company that develops software that businesses use to manage their networks, systems, and information technology infrastructure more easily.
The company’s software is used by no less than 300,000 companies and agencies, including most of America’s Fortune 500 companies, the top 10 US telecommunications providers, all five branches of the US military, the State Department, the National Security Agency, and the Office of the President of the United States.
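The defensive counterpart to the tampered-update technique described above is integrity verification of a release artifact before it is installed. The following is an added example, not code from the article or from SolarWinds: it models a vendor publishing a hashed, authenticated manifest for an update and a customer checking a downloaded file against it. The vendor key, file name and update bytes are constructed sample values; a stdlib HMAC stands in for the asymmetric code signature real update channels use, so the logic of the check is what matters here, not the primitive.

```python
import hashlib
import hmac

# Constructed, hypothetical vendor key: stands in for the private code-signing
# key a real vendor keeps offline. All data below is sample data, not a real
# SolarWinds artifact.
VENDOR_KEY = b"hypothetical-vendor-release-key"


def publish_manifest(filename: str, payload: bytes, key: bytes) -> dict:
    """Vendor side at release time: hash the artifact and authenticate the
    (filename, digest) pair so a customer can detect any later modification."""
    digest = hashlib.sha256(payload).hexdigest()
    message = f"{filename}:{digest}".encode()
    tag = hmac.new(key, message, hashlib.sha256).hexdigest()
    return {"filename": filename, "sha256": digest, "tag": tag}


def verify_update(filename: str, payload: bytes, manifest: dict, key: bytes) -> tuple:
    """Customer side before installing: returns (ok, reason).

    The manifest's own authenticity is checked first: a digest that an attacker
    rewrote alongside the payload would otherwise match and pass."""
    if manifest.get("filename") != filename:
        return False, "manifest is for a different artifact"
    expected_message = f"{filename}:{manifest['sha256']}".encode()
    expected_tag = hmac.new(key, expected_message, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected_tag, manifest["tag"]):
        return False, "manifest authentication failed"
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual, manifest["sha256"]):
        return False, "payload digest does not match manifest"
    return True, "ok"


def demo() -> list:
    """Three scenarios: the genuine update, a payload modified in transit, and a
    modified payload shipped with a rewritten manifest by someone who does not
    hold the vendor key."""
    genuine = b"constructed sample update bytes, release 1.0"  # constructed
    manifest = publish_manifest("update-1.0.bin", genuine, VENDOR_KEY)
    tampered = genuine + b"\x90\x90"  # constructed: appended bytes
    forged_manifest = dict(manifest, sha256=hashlib.sha256(tampered).hexdigest())
    return [
        verify_update("update-1.0.bin", genuine, manifest, VENDOR_KEY),
        verify_update("update-1.0.bin", tampered, manifest, VENDOR_KEY),
        verify_update("update-1.0.bin", tampered, forged_manifest, VENDOR_KEY),
    ]


if __name__ == "__main__":
    for ok, reason in demo():
        print("ACCEPT" if ok else "REJECT", reason)
```

The check bounds trust to the vendor, and no further: it catches modification after release, but if malicious code is inserted before the vendor signs (which is what the article describes for the SolarWinds updates), the artifact verifies cleanly. That is why defenders also monitor what management software does after installation, in particular unexpected outbound connections from hosts that normally only talk to internal systems.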
For the moment the full scope of the breach is unclear, but Wall Street Journal cybersecurity reporter Dustin Volz has confirmed in a Twitter post that national security agencies and defense contractors have also been compromised:
“Can confirm DHS has also been hacked in the SolarWinds attack. DHS is not currently acknowledging their breach publicly. With Commerce and Treasury, that’s three confirmed agency intrusions. I’m also told national security agencies and defense contractors have been compromised.”
Nevertheless, a recent statement issued by DHS Assistant Secretary for Public Affairs Alexei Woltornist has assured that:
“The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response.
As the federal lead for cyber breaches of civilian federal agencies, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has already issued Emergency Directive 21-01 to the federal government to address compromises related to SolarWinds.”
All things considered, this attack can be seen as one of the most sophisticated and perhaps even one of the largest hacks of the past five years.