Hackers believed to be working for Russia have been monitoring internal email traffic at the US Treasury and Commerce departments, according to people familiar with the matter, who feared the breaches uncovered so far could be the tip of the iceberg.
One person said the breach was serious enough that it led to a meeting of the National Security Council at the White House on Saturday.
US officials have said little publicly, other than the Commerce Department confirming a breach at one of its agencies and asking the Cybersecurity and Infrastructure Security Agency and the FBI to investigate.
“They are taking all necessary steps to identify and address any potential issues related to this situation,” added National Security Council spokesman John Ullyot.
The US government has not publicly said who might be behind the hack, but three people familiar with the investigation said Russia was believed to be responsible. Two people said the breaches were related to a broad campaign that also included the recently disclosed hack of FireEye, a major US cybersecurity company with government and business contracts.
In a statement posted on Facebook, the Russian Foreign Ministry described the allegations as yet another unfounded attempt by the US media to blame Russia for cyber attacks against US agencies.
Two people familiar with the matter believe the cyber spies gained access covertly by tampering with updates released by the IT company SolarWinds, which serves government customers across the executive branch, the military and the intelligence services. The technique, often referred to as a “supply chain attack,” works by hiding malicious code in the legitimate software updates that third-party vendors deliver to their customers.
In a statement late Sunday, the Austin, Texas-based company said that updates to its monitoring software released between March and June this year may have been sabotaged by what it described as “a highly developed, targeted, and manual supply chain attack by a nation-state.”
The company declined to provide any further details, but the breadth of SolarWinds’ customer base has raised concerns within the US intelligence community that other government agencies may be at risk, according to four people familiar with the matter.
SolarWinds says on its website that its clients include most of the US Fortune 500 companies, the 10 largest telecom providers in the United States, all five branches of the US military, the State Department, the National Security Agency and the Office of the President of the United States.
The breach presents a major challenge to the incoming administration of President-elect Joe Biden, as officials investigate what information was stolen and try to ascertain what purpose it will be used for. It is not uncommon for large-scale cyber investigations to take months or years to complete.
“This is a much bigger story than one agency,” said one person familiar with the matter. “This is a massive cyber espionage campaign targeting the United States government and its interests.”
Hackers compromised NTIA’s office software, Microsoft Office 365. Sources said the hackers had been monitoring the emails of employees at the agency for several months.
A Microsoft spokesperson did not respond to a request for comment. Neither did a Treasury spokesperson.
The hackers are “very sophisticated” and managed to get past Microsoft’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not authorized to speak to the press.
Another person familiar with the matter said, “This is a nation-state.”
The full extent of the breach is unclear. The investigation is still in its infancy and involves a host of federal agencies, including the FBI, according to three people familiar with the matter.
A spokesperson for the Cybersecurity and Infrastructure Security Agency said they were “working closely with our agency partners regarding recently discovered activity on government networks. CISA provides technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
The FBI and National Security Agency did not respond to a request for comment.
There are some indications that the NTIA email compromise dates back to this summer, although it was only discovered recently, according to a senior US official.