News broke Sunday that foreign hackers had broken into federal government computers, setting off speculation of a large-scale cyberattack.
The U.S. government is investigating the breach, which is believed to have compromised the Treasury and Commerce departments and possibly other federal agencies, according to The Washington Times.
Hackers break into federal networks
According to Reuters, hackers broke into Microsoft Office software to read the emails of officials in the Treasury Department and the National Telecommunications and Information Administration, a Commerce Department agency that advises the president on telecommunications policy.
Intelligence officials are concerned that other government agencies were affected, and the National Security Council (NSC) met Saturday to address the issue, Reuters reported.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” NSC spokesman John Ullyot told Reuters.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) are investigating the incident, which was confirmed by the Commerce Department, according to Fox Business.
“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” a spokesperson for the agency said.
Speculation of cyber attack
It’s not clear how extensive the attack is or who is behind it, but news reports from the Associated Press and elsewhere raised speculation of a larger operation spanning months, possibly led by Russia.
The breach comes after a U.S. cybersecurity firm that serves government entities and top corporations, FireEye, had its own hacking tools stolen Tuesday by what they described as “world-class” hackers who “primarily sought information related to certain government customers,” as The Washington Times reported.
According to Reuters, the government hack may have exploited a software update from the company SolarWinds, which serves Fortune 500 companies, the top 10 U.S. telecommunications providers, all five branches of the U.S. military, the State Department, the National Security Agency, and the Office of President of the United States. The company called the hacking a “highly-sophisticated, targeted and manual supply chain attack by a nation state,” Reuters reported.
The U.S. government has not attributed blame for the attack, but Russia’s embassy in the United States has dismissed “attempts of the U.S. media to blame Russia for hacker attacks on U.S. governmental bodies,” according to the AP.
“Russia does not conduct ‘offensive’ operations in a virtual environment,” the Russian government said in a separate statement, according to Newsweek. “The Russian Federation is actively promoting bilateral and multilateral cybersecurity agreements.”