Suspected Russian hackers broke into U.S. government networks, including the Treasury and Commerce departments, as part of a monthslong global cyberespionage campaign believed to have also targeted other governments and major corporations.
National Security Council spokesperson John Ullyot said in a statement on December 13 that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
Reuters was the first to report on the breach.
Officials familiar with the matter said the hackers targeted the Treasury Department and the Commerce Department’s agency responsible for deciding Internet and telecommunications policy. There is also concern networks at other government agencies may have been compromised.
The situation is so serious the National Security Council gathered at the White House on December 12, Reuters reported.
“This is a much bigger story than one single agency,” one of the people familiar with the matter told Reuters. “This is a huge cyberespionage campaign targeting the U.S. government and its interests.”
Reuters and The Washington Post, citing U.S. officials, said Russian government hackers are currently believed to be behind the attack.
The FBI, the Department of Homeland Security’s cybersecurity arm, and other agencies are investigating.
Spying On E-Mail
The cyberoperation, which also involved the hackers spying on internal e-mail traffic at the targeted agencies, may have been under way for months and was only discovered now, officials said.
The revelation comes after U.S. cybersecurity firm FireEye on December 8 said that “a nation with top-tier offensive capabilities” broke into its network.
The hackers stole tools FireEye uses to test vulnerabilities in the computer networks of its customers, including federal, state, and local governments and top corporations.
Many in the cybersecurity community suspect the Russian intelligence-linked hacking group known as APT29, or Cozy Bear, was behind the FireEye attack.
The same group was behind attacks on the State Department and White House during the administration of President Barack Obama, as well as the hack of the Democratic National Committee’s servers during the 2016 presidential campaign.
The Russian Embassy in Washington denied any involvement in the cyberattacks, calling the accusation “unfounded.”
“Russia does not conduct offensive operations in the cyber domain,” the Russian Embassy said in a statement on its web page.
“Malicious activities in the information space contradict the principles of the Russian foreign policy, national interests, and our understanding of interstate relations,” the statement says.
In a blog post on December 13, FireEye said it had discovered a “global intrusion campaign” through an update of server software made by the firm SolarWinds.
The software is used by hundreds of thousands of organizations globally, including major corporations and governments. On its website, SolarWinds says its customers include all five branches of the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice, and the White House.
FireEye did not name those behind the intrusion but said the actors behind the campaign “gained access to numerous public and private organizations around the world.”
“The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East,” FireEye said. It said the campaign may have started in the spring and is currently ongoing.
In response to what may be deep penetration of U.S. government agencies, the Department of Homeland Security’s cybersecurity arm issued an emergency directive telling federal agencies to search their networks for compromises.
The directive said U.S. agencies should immediately disconnect or power down any machines running the impacted SolarWinds software.