Hackers backed by the Russian government have reportedly been infiltrating the US Treasury and Commerce Departments. Several other government agencies were also under attack, with the hackers monitoring e-mails of staffers for months. The revelation was made by government officials on Sunday after they detected the breach on Friday. The Washington Post reported that the hacking is so serious that the White House called a National Security Council meeting on Saturday to address it.
The FBI and Homeland Security's cyber security arm have already launched a probe and are trying to gauge the extent of the breach. Separately, the cyber-security firm FireEye announced last week that it had been hacked by "a nation with top-tier offensive capabilities" using "novel techniques."
Russia Does it Again
Besides the Treasury and Commerce Departments, hackers also cracked into the National Telecommunications and Information Administration's (NTIA) office software, Microsoft's Office 365. According to a Reuters report, staff emails at the agency were monitored by the hackers for months.
"We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time," the spokesperson said. The wire agency also quoted one unnamed government official as having said: "This is a much bigger story than one single agency. This is a huge cyber espionage campaign targeting the US government and its interests."
The FBI, which has already launched an investigation and is trying to assess the extent of the breach, suspects a group known as APT29 or Cozy Bear, working for the Russian foreign intelligence service, SVR. The FBI also believes that the hackers who targeted the Treasury Department and the NTIA used a similar tool to break into other government agencies. However, it did not say which other agencies fell prey to the hackers.
Breaches Connected to Broader Campaign?
According to initial reports, the hackers are "highly sophisticated" and were successful in tricking the Microsoft platform's authentication. Microsoft is yet to make a comment on the breach. Sources said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major US cybersecurity company with government and commercial contracts.
Two people familiar with the investigation told Reuters that it's believed the hackers got into the federal agencies via the IT company SolarWinds. In a statement released on Sunday, SolarWinds said that software updates it released in March and June may have been secretly tampered with in a "highly-sophisticated, targeted and manual supply chain attack by a nation state". However, they stopped short of saying that the hack occurred through them or because of their negligence.
The latest attacks on government agencies come amid warnings from the Treasury Department about ransomware attacks against several US sectors, including healthcare organizations. The breach allowed hackers to track the internal communications of the agencies for months. However, what's surprising is that US agencies got to know about it only recently, and the extent of the damage might be a lot more than what is currently thought.