U.S. government agencies hacked; Russia a possible culprit
Hackers broke into the networks of federal agencies including the Treasury and Commerce departments in attacks revealed just days after U.S. officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data.
The FBI and the Department of Homeland Security’s cybersecurity arm are investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.
The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. government agencies who will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
The attacks were disclosed less than a week after a National Security Agency advisory warned that Russian government hackers were exploiting vulnerabilities in a system used by the federal government, “allowing the actors access to protected data.”
National Security Council spokesman John Ullyot said in a statement that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
The government’s Cybersecurity and Infrastructure Security Agency said separately that it has been working with other agencies “regarding recently discovered activity on government networks.
CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
The Washington Post reported Sunday, citing three unnamed sources, that the two federal agencies and FireEye, a major cybersecurity player whose customers include federal, state and local governments and top global corporations,were all breached through the SolarWinds network management system.