Christopher Bing, Reuters
Hackers who appear to be working in Russia are monitoring internal email traffic at the US Treasury and Commerce departments, according to people familiar with the matter, who added that they were concerned the hacking found so far is just the tip of the iceberg.
The hack was so serious that a National Security Council meeting was to be held at the White House on Saturday, one person familiar with the matter said.
US authorities have made no public announcement beyond the Department of Commerce confirming that one of its agencies has been breached and that they have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate.
“We are taking all necessary steps to identify and remedy any possible problems associated with this situation,” added John William, a spokesman for the National Security Council.
The U.S. government has not publicly identified who may be behind the hack, but three people familiar with the investigation say Russia is now believed to be responsible for the attack. Two people said the breach was related to a wide-ranging campaign that included a recently disclosed hack against FireEye, a leading U.S. cybersecurity company with a commercial contract with the government.
In a statement posted on Facebook, the Russian Foreign Ministry described the allegation as another unfounded attempt by the US media to blame Russia for cyberattacks on US institutions.
The cyber espionage is believed to have been carried out by secretly tampering with updates released by the IT company SolarWinds, whose customers include government, military, and intelligence agencies. This trick, often referred to as a “supply chain attack,” works by hiding malicious code in the body of a legitimate software update provided to a target by a third party.
The Austin, Texas-based company said in a statement released late Sunday that updates to its monitoring software released between March and June of this year could have been compromised by what it described as a “highly sophisticated, targeted and manual supply chain attack by a nation-state.”
The company refused to provide further details, but SolarWinds’ diverse customer base has raised concerns within U.S. intelligence agencies that other government agencies may be at risk.
SolarWinds states on its website that its customers include most of the US Fortune 500 companies, the top 10 US telecommunications providers, all five US military branches, the State Department, the National Security Agency, and the Office of the President of the United States.
“Giant Cyber Spy Campaign”
The breaches present a major challenge to President-elect Joe Biden’s incoming administration as authorities investigate what information has been stolen and try to determine what it is used for. It is not uncommon for large cyber investigations to take months or years to complete.
“This is a much bigger story than a single institution,” said one person familiar with the matter. “This is a large-scale cyber espionage campaign targeting the US government and its interests.”
According to sources, hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for several months.
A Microsoft spokeswoman did not respond to a request for comment. Neither did a Treasury spokesman.
The hackers were “very sophisticated” and were able to trick the Microsoft platform’s authentication controls, according to a person familiar with the case, who spoke on condition of anonymity because they were not allowed to talk to the press.
“This is a nation-state,” said another person briefed on the issue.
The full extent of the breach is unknown. According to three people familiar with the matter, the investigation is still in its early stages and involves various federal agencies, including the FBI.
A spokesperson for the Cybersecurity and Infrastructure Security Agency said, “We have been working closely with government partners on recently discovered activity in government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential breaches.”
The FBI and the US National Security Agency did not respond to requests for comment.
The email breach at the NTIA was only recently discovered, according to senior U.S. officials, but there are some signs that it dates back to this summer.
Russian hackers spy on US Treasury email - Source