The computer systems U.S. Treasury Department have been attacked by hackers, and it is the work of Russian hackers working for the Kremlin, reports say. The hacking has taken place in the Treasury and Commerce departments’ systems.
There is every possibility that this attack has been there for several months before it was detected, say U.S. officials and media reports.
The U.S. government, acknowledging the breach, revealed that investigations are under way for a full assessment.
The hackers are supposed to have broken into the email systems at the Treasury and Commerce departments. However, the full extent of the breach is being assessment amidst fears of the extent of the penetration. The hackers may have penetrated other government departments as well and there is fear that private companies may also be under the radar.
The National Security Council and the Department of Homeland Security provided few details about the cyber attack.
“We have been working closely with our agency partners regarding recently discovered activity on government networks,” said NSC spokesman John Ullyot. “The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation.”
Though the U.S. government has not mentioned Russia or any other party in the attack, Russia’s SVR had been blamed in the cyber attack that had taken place in 2014-15, when unclassified email systems at the State Department, Joint Chiefs of Staff, and the White House.
An emergency directive was called for and all federal civilian agencies were asked to review their computer networks for any signs of the compromise. They were asked to disconnect from all SolarWinds Orion products immediately.
Reports say that the hackers have used a “supply chain attack” method that embeds malicious code into software updates.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” CISA’s Acting Director Brandon Wales said in a statement. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners – in the public and private sectors – to assess their exposure to this compromise and to secure their networks against any exploitation.”
SolarWinds, based in Austin, Texas, put out its own statement saying it was aware that its systems were experiencing a “highly sophisticated, manual supply chain attack” on certain versions of its Orion platform software that it had released between March and June of 2020.
“We have been advised this attack was likely conducted by an outside nation-state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack,” the company said.
Kevin Thompson, SolarWinds president and CEO, said in a statement shared with NPR that the company is “acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”
Russia has denied any involvement in the current cyber attack.
“As for the rest, if there have been attacks for many months, and the Americans could not do anything about it, it is probably not worth immediately groundlessly blaming the Russians. We didn’t have anything to do with it,” Kremlin spokesman Dmitry Peskov said.