RUSSIAN SPIES BEHIND HACKING CAMPAIGN
The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other U.S. agencies, according to people familiar with the matter, who spoke on the condition of anonymity because of the sensitivity of the matter.
The FBI is investigating the campaign by a hacking group working for the Russian Foreign Intelligence Service, or SVR. The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.
It is not clear what information was accessed.
Reuters first reported the hacks of the Treasury and Commerce agencies Sunday, saying they were carried out by a foreign-government-backed group. The SVR link to the broader campaign is previously unreported.
The matter was so serious that it prompted an emergency National Security Council meeting on Saturday, Reuters reported.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said NSC spokesman John Ullyot. He would not comment on the country or group responsible.
APT29 has been linked to several attempts to steal coronavirus vaccine research.
The Washington Post reported last week that the Russian hacking group breached the cybersecurity firm FireEye, according to sources familiar with the report.
At the Commerce Department, the Russians targeted the National Telecommunications and Information Administration, an agency that handles Internet and telecommunications policy, Reuters reported.
The campaign is said to be broad, encompassing an array of targets, including government agencies in the United States and other countries. It has been running for months, one person said.
In 2015, the same group compromised the servers of the Democratic National Committee. But unlike a rival Russian spy agency, which also hacked the DNC, it did not leak stolen material. In 2016, the GRU military spy agency leaked hacked emails to the online anti-secrecy organization WikiLeaks in an operation that disrupted the Democrats' national convention in the midst of the presidential campaign.
The SVR hacks for traditional espionage purposes, stealing information that might help the Kremlin understand the plans and motives of politicians and policymakers. Its operators also have filched industrial secrets, hacked foreign ministries and gone after coronavirus vaccine data.