On December 13th, a “sophisticated hacking group backed by a foreign government” allegedly carried out a cyber attack and stole information from the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications.
This was initially reported by Reuters, citing unnamed sources.
In a separate report, the Washington Post reported that not only had the US Treasury been subjected to a hacker attack, but also the US Department of Commerce, in addition to other government agencies.
This was a part of a “global espionage campaign that stretches back months,” and was allegedly carried out by the Russian government.
The report is based on claims by unnamed individuals “familiar with the matter.”
According to the outlet, the Russian hackers behind the attack are APT29 (also allegedly known as Cozy Bear), and they’re allegedly part of the SVR – Russia’s foreign intelligence service.
“The same Russian group hacked the State Department and the White House email servers during the Obama administration,” according to the report, recalling an event that wasn’t backed by any evidence whatsoever.
The FBI is reportedly investigating the campaign, which may have begun as early as spring, and had no comment Sunday. The victims have included government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East, according to FireEye.
Notably, FireEye claimed it had been breached itself.
The Russian Embassy in Washington called the reports of Russian hacking “baseless.”
In a statement on Facebook it said, “attacks in the information space contradict” Russian foreign policy and national interests. “Russia does not conduct offensive operations” in the cyber domain.
All of the organizations were breached through the update server of a network management system made by the firm SolarWinds, FireEye said in a blog post.
The federal Cybersecurity and Infrastructure Security Agency issued an alert Sunday warning about an “active exploitation” of the SolarWinds Orion Platform, from versions of the software released in March and June. “CISA encourages affected organizations to read the SolarWinds and FireEye advisories for more information and FireEye’s GitHub page for detection countermeasures,” the alert said.
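The CISA alert quoted above points affected organizations to FireEye’s published detection countermeasures rather than describing them. The script below is an added example, not code from the article, SolarWinds, FireEye or CISA: it shows the basic shape of a hash-based indicator sweep that a defender would run against a network-management install after an alert like this one. It walks a directory, hashes candidate binaries with SHA-256, and reports any file whose digest appears on an indicator list. The indicator list, the directory layout and the file contents are all constructed for the demo; no real indicator values appear here.

```python
"""
Added example (not from the original article or from SolarWinds/FireEye/CISA):
a minimal file-integrity sweep of the kind an indicator list feeds.
Every hash, path and file body below is a constructed placeholder.
"""
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk_size=65536):
    """Stream a file through SHA-256 so large binaries do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def load_indicators(lines):
    """Parse 'sha256  note' lines into a dict; blanks and '#' comments are skipped.

    Malformed digests raise rather than silently shrinking the deny list.
    """
    indicators = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, note = line.partition(" ")
        digest = digest.lower()
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"malformed indicator line: {line!r}")
        indicators[digest] = note.strip()
    return indicators


def scan_tree(root, indicators, extensions=(".dll", ".exe", ".msi")):
    """Return (path, digest, note) for every file under root matching an indicator."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(extensions):
                continue
            path = os.path.join(dirpath, name)
            digest = sha256_of_file(path)
            if digest in indicators:
                hits.append((path, digest, indicators[digest]))
    return hits


def demo():
    """Build a constructed sample tree with one flagged file and sweep it.

    Returns [(basename, note)] for the hits so the result is easy to check.
    """
    with tempfile.TemporaryDirectory() as root:
        install_dir = os.path.join(root, "Orion")  # constructed path, not a real layout
        os.makedirs(install_dir)
        bad = os.path.join(install_dir, "bad.dll")
        good = os.path.join(install_dir, "good.dll")
        with open(bad, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE - stands in for a tampered component\n")
        with open(good, "wb") as f:
            f.write(b"CONSTRUCTED SAMPLE - stands in for a clean component\n")
        # Constructed indicator list: the digest is computed from the sample
        # file above, it is not a published IoC.
        ioc_lines = [
            "# constructed indicator list, placeholder entries only",
            sha256_of_file(bad) + "  placeholder: tampered component",
        ]
        hits = scan_tree(root, load_indicators(ioc_lines))
        return [(os.path.basename(p), note) for p, _digest, note in hits]


if __name__ == "__main__":
    for name, note in demo():
        print(f"HIT {name}: {note}")
```

In practice the indicator file would be the vendor- or CISA-supplied list and the root would be the product’s install directory; a sweep like this only catches components whose hashes are already known bad, so it complements, rather than replaces, reviewing the update server and signing pipeline the article says was abused.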
SolarWinds said in a statement on December 13th that monitoring products it released in March and June of this year may have been surreptitiously weaponized in a “highly-sophisticated, targeted . . . attack by a nation state.”
The company filed a document on December 14th with the Securities and Exchange Commission saying that “fewer than 18,000” of its more than 300,000 customers may have installed a software patch enabling the Russian attack. It was not clear, the filing said, how many systems were actually hacked.
The corporate filing also said that Microsoft’s Office 365 email may have been “an attack vector” used by the hackers.
SolarWinds products are used by organizations across the world. They include all five branches of the U.S. military, the Pentagon, State Department, Justice Department, NASA, the Executive Office of the President and the National Security Agency, the world’s top electronic spy agency, according to the firm’s website.
Its clients also include the top 10 U.S. telecommunications companies.
“This is a big deal, and given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed,” said John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto’s Munk School of Global Affairs and Public Policy. “When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.”
According to Reuters, the situation was so serious that on December 12th it warranted a US National Security Council meeting.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.
He did not comment on the country or group responsible.