Russian hackers, believed to be working on behalf of the Kremlin, were apparently behind an attack into computer systems at the departments of the U.S. Treasury and Commerce that may have gone on for months before being detected. To make matters worse, people familiar with the matter feel that this situation just may be the tip of the iceberg.
According to U.S. officials and a report by National Public Radio (NPR), the Russian hackers broke into the email systems at those two government departments, and it was so consequential that it led to a National Security Council meeting at the White House on Saturday, one of the people familiar with the matter told Reuters.
It may not come to anyone’s surprise that Russia denies any involvement. The Russian foreign ministry took to Facebook to say the allegations were nothing more than another “unfounded attempt” by the American media to blame Russia for cyberattacks directed at U.S. agencies.”
In the Department of Homeland Security’s response to the “known compromise,” it said that the hack involved SolarWinds Orion network monitoring products being exploited by malicious actors.
“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners -- in the public and private sectors -- to assess their exposure to this compromise and to secure their networks against any exploitation,” the DHS’ Cybersecurity and Infrastructure Security Agency said in a statement.
The Commerce Department and the National Security Council both confirmed the breach, but the agencies didn’t give any extra information about the extent of the hack or the measures that have been taken to secure the email accounts.
The private sector is also in danger
In addition to the government breaches, the hackers also wormed their way into the computer system bowels of private companies.
More than 400 of the U.S. Fortune 500 companies use SolarWinds products, according to KrebsOnSecurity. That list includes all branches of the military, as well as all ten of the Top 10 communications companies, all five of the Top 5 accounting firms, and hundreds of colleges.
Security firm FireEye, which also happened to be hit by the hack, said cyber criminals inserted malware into SolarWinds updates that “(went) to significant lengths to observe and blend into normal network activity.” It also concluded that the breach is a “global campaign” and had confirmed intrusions in North America, Europe, Asia, and the Middle East.
In a blog post late Sunday, Microsoft echoed FireEye’s assessment, saying that it believes the hack represents “nation-state activity at significant scale, aimed at both the government and private sector." The company also had words for its own users.
“We also want to reassure our customers that we have not identified any Microsoft product or cloud service vulnerabilities in these investigations. As part of our ongoing threat research, we monitor for new indicators that could signal attacker activity,” the company said.