Hackers Breach U.S. Government Networks

“This can turn into one of the most impactful espionage campaigns on record,” — cybersecurity expert Dmitri Alperovitch

Hackers infiltrated the networks of federal agencies, including the Treasury and Commerce departments, in attacks revealed just days after U.S. officials cautioned that cyber attackers linked to the Russian government were exploiting sensitive data.

The FBI and the Department of Homeland Security’s cybersecurity team is looking into what experts and former officials claimed to be a large-scale penetration of U.S. government agencies. The hacks were reported just days after a yuge cybersecurity firm divulged that foreign government hackers had penetrated its network and nabbed the company’s proprietary hacking tools. Experts believe Russia is behind the attack against FireEye [$FEYE] a major cybersecurity shop whose customers include federal, state and local governments and top global corporations.

The causeway for the Treasury and Commerce Department hacks — and the FireEye hack— is a sought after piece of software called SolarWinds. It’s used by hundreds of thousands of global organizations, including most Fortune 500 companies and several U.S. government agencies who will now be scurrying to placate their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike [$CRWD]

The Washington Post reported Sunday, citing three unnamed sources, that the two federal agencies and FireEye were all breached through the SolarWinds network management system.

The attacks were made public less than a week after a National Security Agency advisory warned that Russian government hackers were exploiting vulnerabilities in a system used by the federal government, “allowing the actors access to protected data.” National Security Council spokesperson John Ullyot said in a press release that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”

The government’s Cybersecurity and Infrastructure Security Agency added that it has been working with other agencies “regarding recently discovered activity on government networks. CISA is supplying technical assistance to affected entities as they work to mitigate any potential compromises.”

Hackers linked to Russia were able to invade the State Department’s email system in 2014, contaminating it so thoroughly that it had to be wiped from the internet while experts worked to stifle the infestation. A Commerce Department spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.”

The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.

Austin, Texas-based SolarWinds [$SWI] confirmed Sunday in an email to The Associated Press that it has a “potential vulnerability” related to updates released earlier this year to its Orion products, which help organizations monitor their online networks for problems or outages. Last Tuesday, FireEye said that foreign government hackers with “world-class capabilities” trespassed into its network and stole offensive tools it uses to probe the defenses of its thousands of customers.

“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson in a statement.

He said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects. Former NSA hacker Jake Williams said it seemed clear that both the Treasury Department and FireEye were hacked using the same vulnerability.

FireEye responded to the Sony [$SNE] and Equifax [$EFX] data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.

Neither Mandia nor a FireEye spokesperson said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia.

One thought on “Hackers Breach U.S. Government Networks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s