Hackers believed to be working for Russia have been monitoring the internal e-mail traffic of the United States Treasury and Commerce departments.
The hack was first reported by people familiar with the matter and resulted in a National Security Council meeting at the White House on Saturday, December 12.
US officials have said little publicly outside the Treasury and Commerce departments. They have asked the Cybersecurity Agency and the FBI to investigate.
As quoted by Reuters on Monday, December 14, National Security Council spokesman John Ullyot added that the authorities “are taking all necessary steps to identify and correct any issues that may be associated with this situation.”
According to the findings, hackers broke into Microsoft Office 365, the office software used by the US Treasury and Commerce departments. Staff e-mails in the department were also monitored by the hackers for months.
There are some indications that the e-mail monitoring at the US Treasury began this summer, but the authorities have only now learned of it.
A Microsoft spokesman and a spokesman for the US Treasury Department declined to comment. The hackers were described as “very sophisticated” and able to circumvent Microsoft’s platform authentication controls, according to a person with knowledge of the incident, who spoke on condition of anonymity because he was not allowed to speak to the press.
The cyber spies are believed to have sneaked in by tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military and the intelligence services. The technique, often referred to as a ‘supply chain attack,’ works by hiding malicious code in software updates that third parties provide to the targets.
In a statement released late Sunday, December 13, the Austin, Texas-based company said updates to its monitoring software released between March and June may have been subverted. The attack was highly sophisticated, targeted and carried out by someone of another nationality.
The company declined to provide further details. But SolarWinds’ diverse customer base has sparked concern in the US intelligence community that other government agencies might be at risk.
SolarWinds says on its website that its customers include most US Fortune 500 companies, the top ten US telecommunications providers, the five branches of the US military, the Department of State, the National Security Service and the Office of the US President.
The US government has not publicly identified who may be behind the hack. But three people with knowledge of the investigation said Russia was currently believed to be responsible for the hack.
Two people said the breach was related to a campaign that also involved the recently disclosed hack of FireEye, a major US cybersecurity company. Russia has responded to the hacking allegations.
In a statement posted to Facebook, the Russian Foreign Ministry described the allegations as another baseless attempt by the US media. The hack presents a major challenge to President-elect Joe Biden’s upcoming administration.
It’s not uncommon for large-scale cyber investigations to take months or years to complete.