According to sources, a widespread campaign of cyber-attacks hit U.S. government agencies by hackers suspected of exploiting a flaw in updating a U.S. software company. The U.S. government was focused over the last several months on detecting and countering possible Russian interference in the U.S. presidential election.
The administration reported that the effort was successful. The investigators suspected that Russian hackers were quietly working their way into the computer networks of American government agencies and sensitive corporate victims undetected.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” stated John Ullyot, a spokesman of the National Security Council.
According to sources, the attackers were snooping on emails at the U.S. Treasury Department and the Commerce Department’s arm. The primary suspect behind the breach is an infamous hacking group backed by the Russian government. Austin, Texas-based SolarWinds Corp. stated to confirm that the software update system for one of its products had been used to send malware to customers.
“We are aware of a potential vulnerability which, if present, is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products. We believe that this vulnerability is the result of a highly-sophisticated, targeted, and manual supply chain attack by a nation-state.”
The investigators followed the attackers’ digital tracks, and it was revealed that FireEye might have been the first victim to detect the attack. U.S. government investigators are now unravelling which agencies may have also been breached and the extent to which the hackers accessed sensitive information. The process could very well take days or weeks.
The last time the U.S. government was caught with a lack of preparation was about five years ago when Chinese hackers stole information related to anyone who had applied for or received a national security clearance from the Office of Personnel Management computers.