Russian hackers managed to infiltrate the computer systems of U.S. government agencies and bodies such as the Treasury Department.
The hacking operation exposed hundreds of thousands of government and corporate networks to potential risk, alerting Homeland Security officials. The attack was conducted against systems within the U.S. Treasury and Commerce Departments.
A Wall Street Journal report revealed that “while those familiar with the attack were unable to specify precisely its scope or the resulting damage to the U.S. government, several agents described it as “one of the most worrisome cyber attacks in years.”
Experts pointed out that the cyber attack may have allowed Russia to access confidential information from government agencies, defense, contractors and other industries.
“The United States government is aware of this information and we are taking all necessary steps to identify and correct any possible problems related to this situation,” said John Ullyot, spokesman for the National Security Council, in a statement.
Russian Hackers: “Hard to stop”
It is not clear exactly what information was accessed, but the cyber raids seemed so serious that the National Security Council met at the White House to discuss them on Saturday, sources told Reuters.
Chris Krebs, who served as the Department of Homeland Security’s top cyber-security official before being fired by President Trump, said that “hacks of this type take exceptional tradecraft and time.”
“If this is a supply chain attack using trusted relationships, really hard to stop,” he said, adding that he believes the attack “has been underway for many months.”
The Department of Commerce confirmed in a statement that one of its offices had been violated and that it was working with federal partners, including the Federal Bureau of Investigation, to investigate the matter, but declined to comment further.
According to the information revealed, hackers were able to infiltrate the systems of government agencies and “FireEye,” a cyber security company, through a malware update introduced in a product of “SolarWinds Inc.,” a US network management company.
FireEye did not identify Russia as the suspect, but said the hackers were very sophisticated, prioritized stealth, patiently performed victim recognition and used difficult to attribute cyber tools.
FireEye CEO Kevin Mandia explained that the main target of these attacks would be the theft of information from the company’s government clients.
In addition, Microsoft researchers said in a blog that they had first seen malicious copies of the SolarWinds software deployed by hackers in March.
In the United Kingdom, where SolarWinds sales documents show that several government departments use the company’s software, a spokesperson for Prime Minister Boris Johnson said that investigations were being conducted into the impact of the events in the United States,
“The National Cyber Security Center is working to assess any impact on the U.K., but we are not aware of any impact related to the U.K. at this time,” said the spokesperson.
For its part, the Russian Embassy in Washington denied responsibility and said the allegations were “unfounded attempts by the American media to blame Russia.”
Kremlin’s spokesman, Dmitry Peskov, said that the accussations of Russian hackers reported by Reuters and other outlets were false.
“”If there have been attacks for many months and the Americans couldn’t do anything about it, it’s probably not worth blaming the Russians immediately and without basis,” he said. “We had nothing to do with it,” the Russian official said.