Suspected Russian hackers spied on US agencies




WASHINGTON: Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Department of the Treasury and an agency that decides Internet and telecommunications policy, according to people familiar with the matter.

There is concern within the U.S. intelligence community that hackers who targeted the Treasury and the Department of Commerce’s National Telecommunications and Information Administration used a similar tool to hack into other government agencies, according to four people briefed on the issue.

The people did not say which other agencies, but on Sunday night (December 13), Austin, Texas-based IT company SolarWinds said that the software updates it released in March and June of this year may have been manipulated surreptitiously in a “highly sophisticated, targeted and manual attack on the supply chain by a nation state.”

SolarWinds stopped short of saying that the Treasury attack came through them, but two of the people familiar with the investigation said the company was believed to be the channel through which the hackers entered.

A representative for SolarWinds did not immediately return messages seeking comment.

SolarWinds says on its website that its clients include most of the US Fortune 500 companies, the top ten US telecommunications providers, the five branches of the US military, the Department of State, the National Security Agency and the Office of the President of the United States.

Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.

Two of the people said the breaches are related to a broad campaign that also involved the recently disclosed hack at FireEye, a major US cybersecurity firm with government and commercial contracts.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any potential problems related to this situation,” said National Security Council spokesman John Ullyot.

The attack is so serious that it led to a meeting of the National Security Council at the White House on Saturday, said one of the people familiar with the matter.

The Commerce Department confirmed in a statement that there was a breach at one of its agencies. “We have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate, and we cannot comment further at this time.”

“GREAT CYBER ESPIONAGE CAMPAIGN”

The breach presents a major challenge for the incoming administration of President-elect Joe Biden, as officials investigate what information was stolen and try to determine what it will be used for. It is not uncommon for large-scale cyber investigations to take months or years to complete.

“This is a much bigger story than a single agency,” said one of the people familiar with the matter. “This is a huge cyber espionage campaign targeting the US government and its interests.”

Hackers broke into NTIA’s office software, Microsoft’s Office 365. Emails from agency staff were monitored by hackers for months, the sources said.

A Microsoft spokesperson did not immediately respond to a request for comment. Neither did a spokesperson for the Treasury Department.

The hackers are “highly sophisticated” and have been able to fool Microsoft’s platform authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press.

“This is a nation-state,” said another person briefed on the matter.

The full scope of the breach is unclear. The investigation is still in its early stages and involves a variety of federal agencies, including the FBI, according to three of the people familiar with the matter.

A spokesperson for the Cybersecurity and Infrastructure Security Agency said they have been “working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

The FBI and the US National Security Agency did not immediately respond to a request for comment.

There are indications that the email compromise at the NTIA dates back to this summer, although it was only discovered recently, according to a senior US official.
