U.S. government hacked in cyberspying operation
The U.S. Commerce Department on Sunday confirmed a security “breach” at one of its bureaus, and said federal authorities are investigating.
“We can confirm there has been a breach in one of our bureaus,” a Commerce spokesperson told CBS News. “We have asked CISA [Cybersecurity and Infrastructure Security Agency] and the FBI to investigate, and we cannot comment further at this time.”
Reuters, the news agency that first reported the hack, cited sources who said the U.S. Treasury Department was also breached, and that hackers may have broken into other government agencies as well. The sources told Reuters that hackers may have been able to monitor staff emails at the agencies for months. Reuters also reported that the affected bureau at the Commerce Department was the National Telecommunications and Information Administration.
In a statement, a CISA spokesperson said, “We have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
Christopher Krebs, the former head of CISA, was fired by President Trump in November. Following news of the hacks, Krebs tweeted, “hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop.”
“On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope,” Krebs added.
SolarWinds, a company that provides tech services to large companies and several government agencies, acknowledged a “potential vulnerability” related to a software update released earlier this year.
“We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products,” said SolarWinds CEO Kevin Thompson. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”
FireEye, a major cybersecurity firm which itself was breached last week, said it had discovered a “global intrusion campaign” that it called “widespread” in a blog post published Sunday evening. “The actors behind this campaign gained access to numerous public and private organizations around the world,” the firm said.