US agencies investigating hacking of government networks
The US Commerce Department confirmed Sunday it has been the victim of a data breach in an attack that is believed to be linked to Russia.
“We can confirm there has been a breach in one of our bureaus,” the Commerce Department said in a statement to CNN. “We have asked CISA and the FBI to investigate, and we cannot comment further at this time.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also confirmed the data security incident, telling CNN in a statement, “We have been working closely with our agency partners regarding recently discovered activity on government networks.”
“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the statement continued.
Reuters was first to report on the data breach.
CISA issued a directive late Sunday that tech company SolarWinds was compromised and it posed “unacceptable risks to the security of federal networks,” said CISA acting Director Brandon Wales.
SolarWinds Orion products are used by a number of federal civilian agencies for network management and CISA is urging the agencies to review their networks for any possible signs of a data breach. This is only the fifth emergency directive issued since 2015, when CISA was created by Congress in the Cybersecurity Act.
SolarWinds said in a statement Sunday night that the breach of their system was “was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”
The Washington Post reported Sunday that Russian government hackers targeted Commerce as well as the Treasury Department and other government agencies, according to people familiar with the matter who requested anonymity because of the sensitivity of the matter. The paper reported the FBI is investigating and that the same Russia-linked group breached the elite cybersecurity firm FireEye, which just last week disclosed an attack compromising the so-called “Red Team” tools it uses to protect cybersecurity clients, including government customers.
CNN has previously reported the Russian-affiliated group, known as APT29, as the suspected culprit behind the FireEye breach, citing a person familiar with the matter.
“It’s all related,” said a source familiar with the attacks on both FireEye and those reported Sunday. Russia has maintained a steady, aggressive cyber campaign against both the US public and private sectors.
“These sorts of attacks leveraging trusted relationships are extraordinarily difficult to detect and defend against in real-time,” the person said, adding that while the Commerce and Treasury Departments are the victims that have so far been identified, “there will no doubt be more.”
Last week, the National Security Agency published an advisory warning that Russian state-sponsored actors were accessing data on protected systems and called for various government networks, including the Defense Department’s, to be patched immediately.
The Treasury Department, the National Security Council, the FBI, National Security Agency and US Cyber Command did not immediately respond to CNN’s request for comment.
This story has been updated with additional reporting.