NATIONAL NEWS

US Agencies Hacked In Monthslong Global Cyberspying Campaign

Dec 13, 2020, 9:47 PM
The U.S. Treasury Building as seen from the Bank of America offices in Washington, DC. (Photo by Ch...
The U.S. Treasury Building as seen from the Bank of America offices in Washington, DC. (Photo by Chip Somodevilla/Getty Images)
(Photo by Chip Somodevilla/Getty Images)

WASHINGTON (AP) — Hackers broke into the networks of the Treasury and Commerce departments as part of a monthslong global cyberespionage campaign revealed Sunday, just days after a prominent cybersecurity firm said it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.

The FBI and the Department of Homeland Security’s cybersecurity arm were investigating what experts and former officials said appeared to be a large-scale penetration of U.S. government agencies — apparently the same hacking campaign that also afflicted the cybersecurity firm FireEye, foreign governments and major corporations.

“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch.

The hacks, first reported by Reuters, were revealed less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools. Many experts suspect Russia is responsible for that attack. FireEye’s customers include federal, state and local governments and top global corporations.

The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies that will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.

FireEye, without naming any specific targets, said in a blog post that its investigation into the hack of its own network had identified “a global campaign” targeting governments and the private sector that, beginning in the spring, had slipped malware into a SolarWinds software update. Neither the company nor the U.S. government publicly identified Russian state-backed hackers as responsible.

The malware gave the hackers remote access to victims’ networks, and Alperovitch said SolarWinds grants “God-mode” access to a network, making everything visible.

“We anticipate this will be a very large event when all the information comes to light,” said John Hultquist, director of threat analysis at FireEye. “The actor is operating stealthily, but we are certainly still finding targets that they manage to operate in.”

FireEye said it had confirmed infections in North America, Europe, Asia and the Middle East, including in the health care and oil and gas industry — and had been informing affected customers around the world in the past few days.

It said that malware that rode the SolarWinds update did not seed self-propagating malware — like the NotPetya malware blamed on Russia that caused more than $10 billion in damage globally — and that any actual infiltration of an infected organization required “meticulous planning and manual interaction.”

That means it’s a good bet only a subset of infected organizations were being spied on by the hackers. Nation-states have their cyberespionage priorities, which include COVID-19 vaccine development.

On its website, SolarWinds says it has 300,000 customers worldwide, including all five branches of the U.S. military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice and the White House. It says the 10 leading U.S. telecommunications companies and top five U.S. accounting firms are also among customers.

The Treasury Department referred requests for comment to the National Security Council, whose spokesman, John Ullyot, said the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”

The government’s Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help “identify and mitigate any potential compromises.” The FBI said it was engaged in a response but declined to comment further.

President Donald Trump last month fired the director of CISA, Chris Krebs, after Krebs vouched for the integrity of the presidential election and disputed Trump’s claims of widespread electoral fraud.

In a tweet Sunday, Krebs said “hacks of this type take exceptional tradecraft and time,” adding that he believed that its impact was only beginning to be understood.

Federal agencies have long been attractive targets for foreign hackers looking to gain insight into American government personnel and policymaking.

Hackers linked to Russia, for instance, were able to break into the State Department’s email system in 2014, infecting it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the infestation.

The intrusions disclosed Sunday also included the Commerce Department’s agency responsible for internet and telecommunications policy. A spokesperson confirmed a “breach in one of our bureaus” and said “we have asked CISA and the FBI to investigate.”

Austin, Texas-based SolarWinds confirmed Sunday a “potential vulnerability” related to updates released between March and June for software products called Orion that help monitor networks for problems.

“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” said SolarWinds CEO Kevin Thompson said in a statement. He said it was working with the FBI, FireEye and intelligence community.

FireEye announced on Tuesday that it had been hacked, saying foreign state hackers with “world-class capabilities” broke into its network and stole tools it uses to probe the defenses of its thousands of customers. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them.

Former NSA hacker Jake Williams, the president of the cybersecurity firm Rendition Infosec, said FireEye surely told the FBI and other federal partners how it had been hacked and they determined that Treasury had been similarly compromised.

“I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.

FireEye responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.

Mandia said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.


Bajak reported from Boston and O’Brien from Providence, Rhode Island.

KSL 5 TV Live

Top Stories

National News

A sign hangs in the offices of the Planned Parenthood Federation of America(Photo by Mario Tama/Get...
Michael Houck, KSL-TV & Associated Press

Planned Parenthood, ACLU sue over Utah abortion ban

'We are forced into motherhood'; Planned Parenthood and the ACLU filed a lawsuit against Utah's trigger law banning most abortions in the state.
1 day ago
FILE...
Associated Press

Officer suspended for off-duty actions at abortion protest

A Rhode Island police officer has been suspended from his job with pay after allegedly punching a woman while off-duty.
1 day ago
A suspected land mine was removed from a Florida beach, according to police. (Credit: Indian River ...
Zoe Sottile, CNN

A suspected land mine was removed from a Florida beach

A suspected land mine was removed from a Florida beach, according to police.
1 day ago
FILE - This July 1, 2016, file photo shows Mega Millions lottery tickets on a counter at a Pilot tr...
Yenny Sanchez, CNN

South Carolina man wins $100,000 lottery after using strategy he saw on TV

A South Carolina man has won more than $100,000 after trying a lottery strategy inspired by an episode of TLC's 'Lottery Changed My Life.'
1 day ago
SEATTLE, WA - MARCH 16: Washington Gov. Jay Inslee, answers a question at a news conference about t...
REBECCA BOONE, Associated Press

Inslee seeks abortion rights amendment to state constitution

Washington Gov. Inslee said he will push for a state constitutional amendment to protect abortion rights within his state's borders.
1 day ago
At least 150 cats were removed from a Winsted home in what police are calling a "cat hoarding" situ...
Evan Sobol & Eliza Kruczynski, WFSB

Police: At least 150 cats removed from Winsted home in ‘cat hoarding’ case

At least 150 cats were removed from a Connecticut home in what police are calling a “cat hoarding” situation.
1 day ago

Sponsored Articles

hand holding 3d rendering mobile connect with security camera for security solutions...
Les Olson

Wondering what security solutions are right for you? Find out more about how to protect your surroundings

Physical security helps everyone. Keep your employees, clients, and customers safe with security solutions that protect your workplace.
Many rattan pendant lights, hay hang from the ceiling.Traditional and simple lighting....
Lighting Design

The Best Ways to Style Rattan Pendant Lighting in Your Home

Rattan pendant lights create a rustic and breezy feel, and are an easy way to incorporate this hot trend into your home decor.
Earth day 2022...
1-800-GOT-JUNK?

How Are You Celebrating Earth Day 2022? | 4 Simple Ways to Celebrate Earth Day and Protect the Environment

Earth Day is a great time to reflect on how we can be more environmentally conscious. Here are some tips for celebrating Earth Day.
Get Money Online...

More Ways to Get Money Online Right Now in Your Spare Time

Here are 4 easy ways that you can get more money online if you have some free time and want to make a little extra on the side.
Lighting trends 2022...

Lighting Trends 2022 | 5 Beautiful Home Lighting Trends You Can Expect to See this Year and Beyond

This is where you can see the latest lighting trends for 2022 straight from the Lightovation Show at the Dallas World Trade Center.
What Can't You Throw Away in the Trash...

What Can’t You Throw Away in the Trash? | 5 Things You Shouldn’t Throw in to Your Trash Can

What can't you throw away in the trash? Believe it or not, there are actually many items that shouldn't be thrown straight into the trash.
US Agencies Hacked In Monthslong Global Cyberspying Campaign