The Russia connection
U.S. National Security Officials Investigating Hacker Intrusions
The Trump administration acknowledged Sunday that several U.S. institutions were hacked on behalf of a foreign government. Cybersecurity experts believe Russia is likely behind the attack on the U.S. Treasury and Commerce departments in what U.S. media is calling one of the most sophisticated attacks on U.S. government systems in years.
“We have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate, and we cannot comment further at this time,” the Commerce Department said in a statement confirming one of its agencies was breached.
Both the FBI and the cybersecurity arm of the Department of Homeland Security were investigating the hacks. The extent of the intrusion, a motive, or whether other agencies were affected is not clear.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot said.
A Kremlin spokesman said Monday that Russia was not involved.
“If there have been attacks for many months, and the Americans could not do anything about it, it is probably not worth immediately groundlessly blaming the Russians,” spokesman Dmitry Peskov told reporters. “We didn’t have anything to do with it.”
According to Reuters, which first reported the breach, U.S. National Security Council officials met Saturday at the White House to discuss the attack, which involved stealing information related to internet and telecommunications policymaking.
The breaches come a week after FireEye, a U.S. cybersecurity company with government and corporate contracts, said it was targeted in an attack in which foreign government hackers stole some of its hacking tools.
In a blog post Sunday, FireEye said it uncovered a “widespread campaign” in which hackers were able to use software updates from information technology firm SolarWinds to access computer systems of “numerous public and private organizations around the world.”
“This campaign may have begun as early as Spring 2020 and is currently ongoing,” FireEye said. “The campaign is the work of a highly skilled actor and the operation was conducted with significant operational security.”
SolarWinds issued its own statement Sunday citing potential vulnerabilities in updates it released between March and June for software that organizations use to monitor their networks for problems.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” SolarWinds CEO Kevin Thompson said.
SolarWinds says its customers include hundreds of major U.S. corporations, including the top telecommunications and accounting firms, as well as a number of government agencies such as the Defense Department, State Department, National Security Agency and the Justice Department.
The Cybersecurity and Infrastructure Security Agency, part of the Homeland Security Department, issued an emergency directive late Sunday telling U.S. federal agencies to examine their networks for signs they may be compromised and to immediately disconnect the affected SolarWinds products.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” CISA Acting Director Brandon Wales said in a statement. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
CISA was led until recently by Christopher Krebs, who was fired by President Donald Trump.
In a tweet Sunday, Krebs said, “hacks of this type take exceptional tradecraft and time” and raised the possibility that it had been underway for months.
“This thing is still early, I suspect,” Krebs wrote.
He was dismissed by Trump after he said the November national election was “the most secure in American history,” angering Trump, who has claimed, without evidence, that voting and vote-count irregularities led to President-elect Joe Biden’s victory over him.