Two U.S. departments hacked
Treasury and Commerce hit in cyber campaign
Hackers broke into the networks of the Treasury and Commerce departments as part of a global cyberespionage campaign revealed just days after a leading global cybersecurity firm announced that it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
The FBI and the Department of Homeland Security ’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies — apparently the same monthslong cyberespionage campaign that also afflicted the prominent cybersecurity firm Fireeye.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed less than a week after Fireeye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible. Fireeye’s whose customers include federal, state and local governments and top global corporations.
The apparent conduit for the Treasury and Commerce Department hacks — and the Fireeye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
Fireeye, without naming the breached agencies or other targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, slipped malware into a Solarwinds software update.
The malware gave the hackers remote access to victims’ networks.
Fireeye said it had notified “multiple organizations” globally where it saw indications of compromise. It said that the hacks did not seed selfpropagating malware — like the 2016 Notpetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”
The U.S. government did not publicly identify Russia as the culprit behind the hacks, first reported by Reuters, and said little about who might be responsible. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect.
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
On its website, Solarwinds says it has 300,000 customers worldwide, including all five branches of the U.S. military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice and the White House.