In one of the most audacious hacks in recent memory, U.S. government agencies were attacked as part of a global campaign that exploited a flaw in the software updates of a U.S. company. The hackers are suspected to be part of a notorious hacking group tied to the Russian government, the Washington Post reported.
The attack included breaches at the U.S. Treasury and Commerce departments and those of other government agencies in an attack that started months ago, the newspaper reported. The same hacking group is also believed to be behind the recent attack on the cyber-security firm FireEye Inc.
“We have identified a global campaign that introduces a compromise into the networks of public and private organizations through the software supply chain,” FireEye said in a blog post late Sunday, without naming a specific group for the breach.
FireEye described a highly sophisticated attack that exploited updates in widely used software from Austin, Texas-based SolarWinds Corp., which sells technology products to a Who’s Who list of of sensitive targets. These include the State Department, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, all five branches of the U.S. military, and 425 corporations out of the Fortune 500, according to the company’s website and government data.
The series of attacks could rank as among the worst in recent memory, though much remains unknown, including the motive and scope of the hacks. The hackers have been monitoring internal email at the U.S. Treasury and Commerce departments, Reuters reported.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, a spokesman for the National Security Council, said in a statement.
All federal civilian agencies were ordered by the U.S. Cybersecurity and Infrastructure Security Agency to review their networks and disconnect or power down SolarWinds’s Orion software products immediately. The emergency directive late Sunday in Washington also asked for an assessment from these agencies by noon eastern time on Monday.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” Acting Director Brandon Wales said in a statement. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks against any exploitation.”
The U.K. National Cyber Security Centre is also examining possible threats from the campaign. “The NCSC is working closely with FireEye and international partners on this incident,” said a spokesperson in an emailed statement. “Investigations are ongoing, and we are working extensively with partners and stakeholders to assess any U.K. impact.”
Kremlin spokesman Dmitry Peskov rejected allegations of Russian involvement, saying, “If there were attacks over a period of months and the Americans couldn’t do anything about it, there’s no need to immediately blame the Russians for everything without basis.”
According to FireEye, the hackers hit organizations across the globe — in North America, Europe, Asia and in the Middle East — and in multiple sectors including government, technology, consulting, telecommunications, as well as oil and gas. The company believes that this list will grow.
Subscribe to our YouTube channel: https://bit.ly/2TwO8Gm
Bloomberg Quicktake brings you live global news and original shows spanning business, technology, politics and culture. Make sense of the stories changing your business and your world.
To watch complete coverage on Bloomberg Quicktake 24/7, visit http://www.bloomberg.com/qt/live, or watch on Apple TV, Roku, Samsung Smart TV, Fire TV and Android TV on the Bloomberg app.
Have a story to tell? Fill out this survey for a chance to have it featured on Bloomberg Quicktake: https://cor.us/surveys/27AF30
Connect with us on…
Breaking News on YouTube: https://www.youtube.com/c/BloombergQuickTakeNews