The U.S. Treasury. (Sealy J. via Wikipedia/CC)
Network intrusions at the U.S. Commerce Department, the U.S. Treasury, FireEye and more all appear to be linked to subverted software updates for a network monitoring product called Orion, made by SolarWinds.
On Sunday, the U.S. Commerce Department confirmed it had been targeted by hackers, and the U.S. Treasury has also reportedly been struck. On Monday, new victims were added to the list: the Department of Homeland Security, State Department and National Institutes of Health, The Washington Post reports.
Reuters first reported the incidents, with the Post suggesting that a Russian hacking group known as Cozy Bear, aka APT29, is the source.
Governors Wind Energy Coalition
Major hack hits energy companies, U.S. agencies Source: By Blake Sobczak, E&E News reporter • Posted: Tuesday, December 15, 2020
A massive hack of IT service provider SolarWinds led to cybersecurity compromises at multiple federal agencies. At least two of the Energy Department’s national labs use SolarWinds software and may have been affected by the hack, among thousands of other potential victims. Claudine Hellmuth/E&E News (illustration); Francis Chung/E&E News (photo); Freepik (binary code)
Top cybersecurity officials are scrambling to assess the fallout from a far-reaching hack of U.S. federal agencies and global companies, with electric power utilities, at least two Energy Department national labs and thousands of other organizations potentially breached.
While President Donald Trump keeps claiming with no evidence that computers were programmed to switch votes and alter the outcome of the election, he has so far said nothing about a real hack launched by Russia’s foreign intelligence service that experts call one of the widest, most sophisticated, and potentially most damaging in years.
The attack penetrated at least five U.S. government agencies and 18,000 other users of the Orion network management system, manufactured by a privately traded company called SolarWinds. Those five agencies the departments of State, Homeland Security, Commerce, and Treasury, and the National Institutes of Health are the only ones so far identified as victims of the hack, though there may have been others. (Ironically, one mission of Homeland Security is to protect the nation from cyberattacks.)
US Treasury and Commerce department email systems reportedly hacked
Major US news outlets reported on Sunday that hackers had broken into the US Treasury and Commerce department computer systems and were monitoring internal email activity for months without detection. Unidentified experts and government officials “familiar with the matter” were quick to conclude that the hackers were “believed to be” working for Russian intelligence.
Among the first to report the hack was Reuters, which wrote that their sources “feared the hacks uncovered so far may be the tip of the iceberg,” and that “the hack is so serious it led to a National Security Council meeting at the White House on Saturday.”
WASHINGTON (AP) U.S. government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers on Monday after authorities learned that the Treasury and Commerce departments were hacked in a global cyber-espionage campaign tied to a foreign government.
In a rare emergency directive issued late Sunday, the Department of Homeland Security s cybersecurity arm warned of an unacceptable risk to the executive branch from a feared large-scale penetration of U.S. government agencies that could date back to mid-year or earlier.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.