According to sources familiar with the matter, Russian state-backed hackers have been monitoring internal email traffic at the U.S. Commerce and Treasury Departments. The intrusions uncovered so far may be only the tip of the iceberg.
The gravity of the breach can be inferred from the fact that it prompted a National Security Council meeting at the White House on Saturday, a source familiar with the matter said.
So far U.S. officials have not disclosed anything beyond the Commerce Department’s acknowledgement of a breach at one of its agencies and its request that the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI investigate.
In a statement, National Security Council spokesman John Ullyot said officials “are taking all necessary steps to identify and remedy any possible issues related to this situation.”
The U.S. government has yet to publicly name the actors behind the intrusions; however, three people familiar with the investigation said Russia is the prime suspect.
According to two sources, the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.
The Russian foreign ministry did not immediately respond to requests for comment.
The same actors are also said to have surreptitiously tampered with software updates released by SolarWinds, an IT company whose customers include the U.S. government across the executive branch, the military, and the intelligence services. The technique is described as a “supply chain attack”: malicious code is injected into legitimate software updates, so that customers install it through the same trusted channel they rely on for the vendor’s own releases.
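To make the supply-chain point concrete, here is an added example (not code from the article or from SolarWinds) showing why a customer’s ordinary update-integrity check does not catch this class of attack. It contrasts an update tampered with after release, which a hash-and-signature check rejects, with code injected inside the vendor’s own build pipeline, which the vendor then hashes and signs and the customer accepts. All artifacts, the key, and the HMAC “signature” standing in for a real code-signing certificate are constructed assumptions.

```python
"""Added example (not from the article): why a software-supply-chain
compromise defeats a naive update-integrity check.

A customer verifying a vendor's update normally checks the artifact's
hash (or signature) against a value the vendor publishes. That catches
an update tampered with in transit. It does NOT catch code injected
inside the vendor's own build pipeline, because the vendor then hashes
and signs the already-poisoned artifact. All data below is constructed;
the HMAC "signature" stands in for a real code-signing certificate.
"""
import hashlib
import hmac

# Assumption: stands in for the vendor's private code-signing key.
VENDOR_SIGNING_KEY = b"constructed-vendor-key"

# Constructed artifacts: a clean update and a placeholder implant.
CLEAN_UPDATE = b"Update.dll: legitimate vendor code v1.0\n"
IMPLANT = b"; beacon to attacker C2 every 12h\n"


def vendor_release(artifact: bytes) -> tuple:
    """Vendor release step: hash and sign whatever came out of the build.
    Returns (artifact, manifest) where manifest is 'sha256hex:signature'."""
    digest = hashlib.sha256(artifact).hexdigest()
    sig = hmac.new(VENDOR_SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return artifact, f"{digest}:{sig}"


def customer_verify(artifact: bytes, manifest: str) -> bool:
    """Customer install step: recompute the hash, then check hash and signature."""
    digest, sig = manifest.split(":")
    if hashlib.sha256(artifact).hexdigest() != digest:
        return False  # artifact differs from what the vendor hashed
    expected = hmac.new(VENDOR_SIGNING_KEY, digest.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig, expected)


def scenario_tampered_in_transit() -> bool:
    """Attacker modifies the update after the vendor signed it: check fails."""
    artifact, manifest = vendor_release(CLEAN_UPDATE)
    tampered = artifact + IMPLANT
    return customer_verify(tampered, manifest)


def scenario_tampered_in_build() -> bool:
    """Attacker injects code before the vendor's release step (the supply-chain
    case): the poisoned build is signed by the vendor, so the check passes."""
    poisoned_build_output = CLEAN_UPDATE + IMPLANT
    artifact, manifest = vendor_release(poisoned_build_output)
    return customer_verify(artifact, manifest)


def reproducible_build_check(shipped: bytes, rebuilt_from_source: bytes) -> bool:
    """A control that does catch the build-pipeline case: independently rebuild
    the release from audited source and compare digests with what shipped."""
    return hmac.compare_digest(hashlib.sha256(shipped).digest(),
                               hashlib.sha256(rebuilt_from_source).digest())


if __name__ == "__main__":
    print("tampered in transit verifies:", scenario_tampered_in_transit())
    print("tampered in build verifies:  ", scenario_tampered_in_build())
    shipped, _ = vendor_release(CLEAN_UPDATE + IMPLANT)
    print("matches rebuild from source: ", reproducible_build_check(shipped, CLEAN_UPDATE))
```

The design point is that hash and signature checks only bind an artifact to whatever the vendor chose to sign; if the injection happens upstream of signing, the customer-side check is satisfied by design. Catching that case requires controls on the vendor side (build-pipeline integrity, reproducible builds compared against audited source) or behavioural detection after install, not a stronger verifier on the download.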
These breaches, along with a leaked database of Chinese Communist Party members infiltrating Western companies, present a major challenge to the incoming U.S. administration, with officials investigating what information has been stolen in order to ascertain how it will be used.
It is not uncommon for large scale cyber investigations to take months or years to complete.
“This is a much bigger story than one single agency,” said a source familiar with the matter. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.”
According to sources, the hackers broke into the office software of the National Telecommunications and Information Administration (NTIA), an agency of the Commerce Department, by compromising its Microsoft Office 365 environment. Staff emails at the agency were monitored by the hackers for months.
The hackers used “highly sophisticated” techniques to bypass the authentication controls of Microsoft’s platform, said a source familiar with the incident, speaking on condition of anonymity.
“This is a nation state,” said another source.
In a statement, a spokesperson for the Cybersecurity and Infrastructure Security Agency said it is “working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
Neither the FBI nor the U.S. National Security Agency immediately responded to requests for comment.