Hackers broke into US government agency networks as part of a monthslong global campaign, likely gaining access by infiltrating software updates sent by an IT provider. Many experts suspect Russia is responsible.

At least two US government agencies, including the Treasury and the Department of Commerce, were struck by a major computer hack from a foreign agent, insiders told reporters on Sunday.

The FBI and the Department of Homeland Security's cybersecurity division are investigating the cyberespionage campaign. 

"The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation," said John Ullyot, a spokesman for the National Security Council.

Cybersecurity expert Dmitri Alperovitch told The Associated Press, "this can turn into one of the most impactful espionage campaigns on record."

Access through IT provider

Cybersecurity firm FireEye said foreign hackers had broken into its network and stolen the company's own hacking tools just days earlier. The company was hacked through the SolarWinds network management system.

SolarWinds told The Associated Press on Sunday that there was a "potential vulnerability" related to updates released earlier this year. The company stopped short of saying the Treasury hacking occurred through them, but two people familiar with the investigation said the channels provided by the company was likely how they gained access.

If successfully hacked, SolarWinds could give the hackers "God-mode" access to the network, which makes everything visible, said Alperovitch.

On its website, SolarWinds includes among its customers most of the US' Fortune 500 companies, all of the country's top 10 telecommunications providers, all branches of the military, the State Department, National Security Agency (NSA) and the Office of the US president.

Former NSA hacker Jake Williams said it seemed clear that both the Treasury Department and FireEye were hacked due to the same vulnerability.

"The timing of the release here is, I think, not at all a coincidence," he told The Associated Press, adding that the hack has likely gone far beyond just the Treasury and Commerce departments.

"I suspect that there's a number of other [federal] agencies we're going to hear from this week that have also been hit."

Foreign nation potentially involved

A person familiar with the incident, who was not allowed to speak to the press, said the hack was performed by a "nation state," telling Reuters that the hackers were "highly sophisticated."

The attack comes just days after US officials warned that cyber actors linked to the Russian government were exploiting vulnerabilities to target sensitive data. Three people involved in the investigation into the hacking have said they currently believed Russia was behind the hacking.

Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA), tweeted Sunday that "hacks of this type take exceptional tradecraft and time." He warned that the operation could have been underway for months.

Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.

— Chris Krebs (@C_C_Krebs) December 13, 2020

The Russian Embassy in the United States denied any wrongdoing in a Facebook post late Sunday. It said American media had made "unfounded attempts…to blame Russia for the hacker attacks on US governmental bodies."

"Russia does not conduct offensive operations in the cyber domain," read the statement.

The post went on to say that Russia has promoted bilateral and multilateral cybersecurity agreements with the US, but "suggestions to start constructive and equal dialogue with the US remain unanswered."

The hacking comes at a sensitive time, as countries have been planning or rolling out vaccines against COVID-19. There have been several suspected cases of hacking related to vaccines in recent weeks.