Officials suspect a hacking group that works for the SVR, the Russian foreign intelligence service, breached many U.S. federal departments, including Treasury and Commerce’s National Telecommunications and Information Administration (NTIA).
From The Washington Post:
The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The breaches have been taking place for months and may amount to an operation as long-running and significant as one that occurred in 2014-2015. The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration. All of the organizations were breached through a network management system called Solar Winds, according to three people familiar with the matter, who spoke on condition of anonymity because of the issue’s sensitivity. Solar Winds could not immediately be reached for comment. It is not clear what information was accessed from the government agencies.
Reuters reported that “SolarWinds said software updates it released in March and June of this year may have been surreptitiously tampered with in a ‘highly-sophisticated, targeted and manual supply chain attack by a nation state.’”
Two people told Reuters that these breaches have a connection “to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.”
The White House and Commerce Department confirmed the hacks:
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot. The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter. The Commerce Department confirmed there was a breach at one of its agencies in a statement. “We have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate, and we cannot comment further at this time.”
As noted above, this same group hacked the State Department and the White House during President Barack Obama’s administration.
It is obviously not going to stop. Sources said the group “broke into the NTIA’s office software, Microsoft’s Office 365.” These people also said the hackers “monitored” staff emails for months:
“This is a much bigger story than one single agency,” said one of the people familiar with the matter. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.” — A Microsoft spokesperson did not immediately respond to a request for comment. Neither did a spokesman for the Treasury Department. The hackers are “highly sophisticated” and have been able to trick the Microsoft platform’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press. “This is a nation state,” said a different person briefed on the matter.
We do not know all of the specifics. The investigation is still in the early stages. The FBI and “a range of federal agencies” are taking part in the investigation.