U.S. Treasury and Commerce departments reportedly spied on for months by foreign hackers

The U.S. Treasury and Commerce departments were reportedly spied on by hackers suspected of working for a foreign government, possibly Russia.

The White House acknowledged on Sunday that internal email traffic at the U.S. Department of the Treasury and the Commerce Department’s National Telecommunications and Information Administration had been monitored by a foreign government for months, Reuters reported.

The discovery led to an emergency meeting of the National Security Council on Saturday, and federal agencies have begun an investigation.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, a National Security Council spokesman, said in a statement.


(Source: Fox News)

U.S. officials have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate, but have not publicly identified who may be behind the breach, according to Reuters. But the news outlet cited three of the people familiar with the investigation who said they believed it was Russia.

“Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts,” Reuters reported.

The Russian foreign ministry dismissed the allegations in a post on Facebook, calling them “unfounded attempts of the U.S. media to blame Russia” for hacker attacks.

According to Reuters:

The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick – often referred to as a “supply chain attack” – works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.

The company noted in a statement on Sunday that the “highly-sophisticated, targeted and manual supply chain attack by a nation-state” may have been launched at updates to its monitoring software which were released earlier this year.

The Austin, Texas-based company boasts customers that include all five branches of the U.S. military, the State Department, the National Security Agency, and the Office of the President of the United States, as well as Fortune 500 companies and top telecommunications providers in the U.S.

“This is a much bigger story than one single agency,” one source told Reuters. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.”

Sources noted that the emails at the NTIA were monitored for months using Microsoft’s Office 365 and, according to one anonymous person, the “highly sophisticated” hackers reportedly tricked the software’s authentication protocols.

“This is a nation-state,” a different person briefed on the matter told the news outlet.

A spokesperson for the Cybersecurity and Infrastructure Security Agency told Reuters that they have been “working closely with our agency partners regarding recently discovered activity on government networks.”

“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the spokesperson added.

The FBI could “neither confirm nor deny details related to any ongoing investigation,” according to Fox News.

Christopher Krebs, who oversaw CISA as the nation’s top cybersecurity official and was responsible for protecting the U.S. elections, was fired by President Donald Trump last month.

The National Security Agency issued a warning last week that “Russian state-sponsored actors” were “exploiting a vulnerability” in a system used in the federal government. Soon after, the computer security firm FireEye revealed that its own systems were hacked by what it called “a nation with top-tier offensive capabilities.”

Frieda Powers
