US says govt networks hit by hacking campaign

Hackers spied on businesses and agencies for almost nine months

Sign up now: Get ST's newsletters delivered to your inbox

WASHINGTON • The US government has confirmed that a recent hacking campaign affected its networks and said the attack was "significant and ongoing".
Hackers believed to be working for Russia have been monitoring internal e-mail traffic at the US Treasury and Commerce departments, Reuters reported this week, citing people who said they feared the hacks uncovered so far may be the tip of the iceberg.
"This is a developing situation and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," said a joint statement issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (Cisa), and the Office of the Director of National Intelligence (Odni).
Technology company SolarWinds, which was the key steppingstone used by the hackers, has said that up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.
"Over the course of the past several days, the FBI, Cisa and Odni have become aware of a significant and ongoing cyber-security campaign," the joint statement said.
"The FBI is investigating and gathering intelligence in order to attribute, pursue and disrupt the responsible threat actors."
The three agencies have formed a cyber unified coordination group to work on the US government's response, the statement said.
White House national security adviser Robert O'Brien cut short a European trip on Tuesday and returned to Washington to deal with the attack.
Meanwhile, the White House has convened urgent meetings of officials across multiple agencies to address the breach, according to a person familiar with the matter.
The Trump administration is holding daily discussions on the hack that include representatives of the FBI, Odni, Department of Homeland Security and National Security Agency, according to the source.
The customers of Texas-based SolarWinds include top government agencies and Fortune 500 companies.
It is unclear what information the hackers were after. No classified systems are believed to have been accessed, the source said.
The Department of Defence said in a statement that to date, it had no evidence its information networks were compromised.
"We will continue to work with the whole-of-government effort to mitigate cyber threats to the nation," Vice-Admiral Nancy Norton, director of the Defence Information Systems Agency, said in the statement.
In addition to the daily meetings, a separate US cyber response group is investigating the scope of the breach, which involved the departments of State, Commerce, Treasury and Homeland Security.
Technology officials at various government agencies are providing information to investigators and coordinating the response, the official said. It is not clear how long the clean-up and investigative effort will take.
REUTERS, BLOOMBERG
See more on