WASHINGTON: The United States on Sunday confirmed that hackers acting on behalf of a foreign government broke into a range of key government networks, including the Treasury and Commerce Departments.
According to a report by the Washington Post, the hackers were linked to the Russian government. The incident was part of a global espionage campaign that stretches back months, according to people with knowledge of the matter.
Officials are scrambling to assess the extent of the breach and intrusions in order to implement effective countermeasures.
The Trump administration admitted that the hacking took place but did not reveal details.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, a spokesman for the National Security Council, said in a statement. The Department of Homeland Security’s cybersecurity agency, whose leader was fired by President Trump last month for declaring that there had been no widespread election fraud, said in a statement that it had been called in as well.
The Commerce Department acknowledged that one of its agencies had been affected, without naming it.
However, people familiar with the intrusions, who spoke to the Washington Post on the condition of anonymity because of the sensitivity of the matter, said that the hacking was carried out by Russian hackers known by the nicknames APT29 or Cozy Bear, who are part of that nation’s foreign intelligence service and who breached email systems in some cases.
The same group had hacked the State Department and the White House email servers during the Obama administration, the report further mentioned.
The FBI is investigating the campaign, which may have begun as early as spring, and had no comment Sunday.
The victims have included government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia, and the Middle East, according to FireEye, a cyber firm that itself was breached.
All of the organizations were breached through the update server of a network management system made by the firm SolarWinds, FireEye said in a blog post Sunday.
SolarWinds said Sunday in a statement that monitoring products it released in March and June of this year may have been surreptitiously weaponized within a “highly-sophisticated, targeted . . . attack by a nation-state.”
The scale of the Russian espionage operation appears to be large, said several individuals familiar with the matter. “This is looking very, very bad,” said one person.