US Treasury Department targeted by suspected Russian state hackers in cyberattack

Hackers believed to be working for Russia have monitored internal e-mail traffic at the US Treasury Department and an agency that decides Internet and telecommunications policy, according to people familiar with the matter.

There is concern in the US intelligence community that the hackers who targeted the Treasury Department and the Department of Commerce’s National Telecommunications and Information Administration (NTIA) used a similar tool to break into other agencies, according to four people briefed on the matter.

The people did not say which other agencies, but late on Sunday, Austin, Texas-based IT company SolarWinds said software updates released in March and June this year may have been manipulated in a “very sophisticated, targeted and manual supply chain attack by a nation state.”

SolarWinds stopped short of saying that the hack on Treasury occurred through it, but two of the people who were familiar with the investigation said that the company is believed to be the channel through which the hackers entered.

A representative of SolarWinds did not immediately return messages seeking comment.

SolarWinds says on its website that its customers include most of America’s Fortune 500 companies, all ten of the top US telecommunications providers, all five branches of the US military, the State Department, the National Security Agency and the President of the United States.

Three of the people familiar with the investigation said that Russia is currently believed to be behind the attack.

Two of the people said the breaches were linked to a broad-based campaign that also involved the recently uncovered hack on FireEye, a large US cyber security company with public and commercial contracts.

“The United States Government is aware of these reports and we are taking all necessary steps to identify and remedy any issues related to this situation,” said National Security Council spokesman John Ullyot.

The hack is so serious that it led to a meeting of the National Security Council in the White House on Saturday, said one of the people familiar with the matter.

The Commerce Department confirmed in a statement that there was a breach at one of its agencies. “We have asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate, and we are unable to comment further at this time.”

‘Huge cyber espionage campaign’

The breach poses a major challenge to the incoming administration of President-elect Joe Biden as officials investigate what information has been stolen and try to determine what it will be used for. It is not uncommon for large-scale cyber investigations to take months or years to complete.

“This is a much bigger story than a single agency,” said one of the people familiar with the matter. “This is a huge cyber espionage campaign aimed at the US government and its interests.”

Hackers broke into NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for several months, sources said.

A Microsoft spokesperson did not immediately respond to a request for comment. Nor did a spokesman for the Treasury Department.

The hackers are “very sophisticated” and have been able to trick the Microsoft platform’s authentication checks, according to a person familiar with the incident, who spoke on condition of anonymity because they were not authorized to speak to the press.

“This is a nation state,” said another source.

The full extent of the breach is unclear. The investigation is still at an early stage and involves a number of federal agencies, including the FBI, according to three of the people familiar with the matter.

A spokesman for the Cybersecurity and Infrastructure Security Agency said they had “worked closely with our agency partners on recently discovered activities on state networks. CISA provides technical support to relevant entities as they work to identify and mitigate any compromises.”

The FBI and US National Security Agency did not immediately respond to a request for comment.

There is some evidence that NTIA’s e-mail compromise dates back to the summer, although it was only recently discovered, according to a senior U.S. official.