Government agencies hacked
Criminals with ties to Russia possibly targeted sensitive data
WASHINGTON — Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The hacks were revealed just days after a major cybersecurity firm disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible for the attack against Fireeye, a major cybersecurity player.
The apparent conduit for the Treasury and Commerce Department hacks is a piece of server software called Solarwinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. government agencies, said Alperovitch, the former chief technical officer of the cybersecurity firm Crowdstrike.
The attacks were disclosed less than a week after a National Security Agency advisory warned that Russian government hackers were exploiting vulnerabilities in a system used by the federal government, “allowing the actors access to protected data.”
The U.S. government did not publicly identify Russia as the culprit behind the hacks.
National Security Council spokesperson John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
The government’s Cybersecurity and Infrastructure Security Agency said separately that it has been working with other agencies “regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”