Hackers broke into US government agency networks as part of a monthslong global campaign, likely gaining access by infiltrating software updates sent by an IT provider. Many experts suspect Russia is responsible.
At least two US government agencies, including the Treasury and the Department of Commerce, were struck by a major computer hack from a foreign agent, insiders told reporters on Sunday.
The FBI and the Department of Homeland Security's cybersecurity division are investigating the cyberespionage campaign.
"The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation," said John Ullyot, a spokesman for the National Security Council.
Cybersecurity expert Dmitri Alperovitch told The Associated Press, "this can turn into one of the most impactful espionage campaigns on record."
Access through IT provider
Cybersecurity firm FireEye said foreign hackers had broken into its network and stolen the company's own hacking tools just days earlier. The company was hacked through the SolarWinds network management system.
SolarWinds told The Associated Press on Sunday that there was a "potential vulnerability" related to updates released earlier this year. The company stopped short of saying the Treasury hacking occurred through them, but two people familiar with the investigation said the channels provided by the company was likely how they gained access.
If successfully hacked, SolarWinds could give the hackers "God-mode" access to the network, which makes everything visible, said Alperovitch.
On its website, SolarWinds includes among its customers most of the US' Fortune 500 companies, all of the country's top 10 telecommunications providers, all branches of the military, the State Department, National Security Agency (NSA) and the Office of the US president.
Former NSA hacker Jake Williams said it seemed clear that both the Treasury Department and FireEye were hacked due to the same vulnerability.
"The timing of the release here is, I think, not at all a coincidence," he told The Associated Press, adding that the hack has likely gone far beyond just the Treasury and Commerce departments.
"I suspect that there's a number of other [federal] agencies we're going to hear from this week that have also been hit."
Foreign nation potentially involved
A person familiar with the incident, who was not allowed to speak to the press, said the hack was performed by a "nation state," telling Reuters that the hackers were "highly sophisticated."
The attack comes just days after US officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data. Three people involved in the investigation into the hacking have said they currently believed Russia was behind the hacking.
Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), tweeted Sunday that "hacks of this type take exceptional tradecraft and time." He warned that the operation could have been underway for months.
Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.
— Chris Krebs (@C_C_Krebs) December 13, 2020
The Russian Embassy in the United States denied any wrongdoing in a Facebook post late Sunday. It said American media had made "unfounded attempts…to blame Russia for the hacker attacks on US governmental bodies."
"Russia does not conduct offensive operations in the cyber domain," read the statement.
The post went on to say that Russia has promoted bilateral and multilateral cybersecurity agreements with the US, but "suggestions to start constructive and equal dialogue with the US remain unanswered."
The hacking comes at a sensitive time, as countries have been planning or rolling out vaccines against COVID-19. There have been several suspected cases of hacking related to vaccines in recent weeks.
Latest Stories
-
Dext Technology partners KNUST to train basic school teachers on STEM
17 mins -
My efforts led to remarkable transformation in Appiatse – Lands Minister
19 mins -
13th Ghana Information Technology and Telecom Awards launched
34 mins -
Comedy of electioneering campaign policy: NDC’s 24-hour economy tricks
41 mins -
We will remain vigilant in our oversight operations of all financial institutions – Governor
42 mins -
Ghana’s economic recovery has been strong and steady – Finance Minister
44 mins -
Government completes 50 premix fuel automation machines at landing sites – Fisheries Minister
52 mins -
FBNBank changes its name to FirstBank Ghana
59 mins -
Akwaboah Jnr ties the knot
1 hour -
Women’s FA Cup semis: Army Ladies face FC Epiphany; Police Ladies up against Supreme Ladies
2 hours -
Police haul in Kwadaso MP, EC officials in probe of Ejisu by-election ‘bribery’ case
3 hours -
Ghana’s press freedom ranking: Are we actually improving?
5 hours -
Reflections: 50 Lessons at 50
5 hours -
NCCE briefs Council of State on civic plans for 2024
5 hours -
Ecobank Group reports Profit Before Tax of $581m, on net revenue of $2.1bn for 2023
5 hours