The Trump administration via the National Security Council acknowledged that the United States Treasury Department and a Commerce Department unit experienced a data breach. According to Reuters, the government attributes the attack to Russian hackers and the Russian government.
The New York Times reports that the Russian intelligence agency in question had full access to the federal agencies’ email systems.
Meanwhile, the Washington Post said that the security breach occurred via SolarWinds, a type of network management system. The network is reportedly used by more than 300,000 organizations throughout the world, including various federal government units such as the State Department, Justice Department, the National Security Agency, and many more.
The agents were able to breach the system by tampering with the updates released by SolarWinds. Reuters states that the attackers were able to do so via a supply chain attack or by hiding a malicious code in the software update.
In response to the allegations, SolarWinds said that the updates targeted by attackers were those released between March and June of 2020. All of these updates may have been “highly-sophisticated, targeted and manual supply chain attack by a nation state.”
Apart from the treasury and commerce departments, other national security agencies were also said to be the target of the said attacks. However, the New York Times said it remains unclear whether the systems of these agencies contained confidential information.
One of the agencies targeted by the attackers includes the National Telecommunications and Information Agency. It handles the telecommunications and Internet policy, states Reuters.
Following the attacks on the different departments, Reuters reveals that both the Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation have been hired to investigate the incident.
The United States government remains vague about the involvement of Russian agencies. However, Reuters states that two individuals familiar with the matter say that the Russian intelligence units behind the recent FireEye hack were also responsible for the recent government data breach.
In an article by the Washington Post, it states that the Russian hackers in question point to APT29 or Cozy Bear, both part of Russia’s intelligence service.
In a statement by National Security Council spokesman John Ullyot said, “The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation.”
Apart from conducting investigations on the matter, The Washington Post shares that the Cybersecurity and Infrastructure Agency is working to provide affected individuals with technical assistance.
