
Russia Suspected In Major Cyberattack On U.S. Government Departments

The U.S. Treasury Department, shown here in 2019, has been hacked along with the U.S. Commerce Department, according to reports. Russia is suspected, but denies involvement. The U.S. government has acknowledged a breach and says it is investigating to make a full assessment.

Russian hackers working for the Kremlin are believed to be behind an attack into U.S. government computer systems at the departments of Treasury and Commerce that likely lasted months, according to reports Sunday.

The agencies' Microsoft Office 365 platform was used to monitor staffers' emails, potentially since the spring, Reuters and The New York Times reported Sunday.

A spokesman for the National Security Council, John Ullyot, appeared to broadly confirm the breach, but offered no specifics about which country may have been involved.

"We have been working closely with our agency partners regarding recently discovered activity on government networks," Ullyot said in a statement Sunday. "The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation."

Microsoft said in a blog post late Sunday, "We believe this is nation-state activity at significant scale, aimed at both the government and private sector."

Representatives from the two departments that were targeted did not immediately respond to NPR's request for comment.

The hackers are believed to have gotten into the government systems by tampering with software updates from the IT company SolarWinds. The company has government contracts, including with the military and intelligence services, according to Reuters. The attackers are believed to have used a "supply chain attack" method that embeds malicious code into legitimate software updates. The attack focused on the SolarWinds Orion products.

SolarWinds said in a statement that it was aware of its systems experiencing a "highly sophisticated, manual supply chain attack" on specific versions of its Orion platform software released between March and June of this year.

"We have been advised this attack was likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack," the company said.

SolarWinds advised users to update to a newer version as soon as possible.

Members of the National Security Council, the Department of Homeland Security, and the FBI are investigating the breach and whether other government systems could have been hacked as well.

Overnight, the Cybersecurity and Infrastructure Security Agency (CISA), which is overseen by the Department of Homeland Security, issued an emergency directive calling on all federal civilian agencies to review their networks for signs of the compromise and to disconnect from SolarWinds Orion products immediately.

"The compromise of SolarWinds' Orion Network Management Products poses unacceptable risks to the security of federal networks," said CISA Acting Director Brandon Wales in a statement. "Tonight's directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation."

The agency said in its directive that, "Affected entities should expect further communications from CISA and await guidance before rebuilding from trusted sources utilizing the latest version of the product available."

News of the breach comes less than a week after an attack into FireEye, a major U.S. cybersecurity company, was made public. The hackers in that attack, also believed to be Russians, stole the company's key tools used to test vulnerabilities in the computer networks of its customers, which include government agencies.

If government officials are able to confirm the Russian government as the source of the attack, it would be considered the biggest theft of U.S. government data since a breach in 2014 and 2015, the Times reports.

During those earlier breaches, Russian intelligence accessed unclassified email systems at the White House, State Department and the Joint Chiefs of Staff. Russian actors are also responsible for the 2016 hacking of emails from the Democratic National Committee and Hillary Clinton's presidential campaign.

NPR's National Security Correspondent Greg Myre contributed to this report.

Copyright 2020 NPR. To see more, visit https://www.npr.org.