Some U.S. officials say that Russian government spies conducted an extensive, long-running hacking campaign that infiltrated the Treasury and Commerce departments and other U.S. government agencies.
American authorities have rushed to investigate the nature and extent of the intrusion and to decide how best to counter it. Initial findings indicate that the campaign had been under way for several months before it was detected.
The hackers are known as APT29 or Cozy Bear and are believed to be part of Russia's foreign intelligence service, the SVR. The group allegedly tapped into private email systems and was also blamed for the hacking of State Department and White House email servers during Barack Obama's presidency.
The Federal Bureau of Investigation (FBI) is leading the investigation into the intrusion, which is believed to have begun as early as spring, but had disclosed no further details as of Sunday. The group's victims include government agencies and consulting, technology, telecom, and oil and gas companies in several countries.
On Sunday, FireEye, one of the firms affected by the breach, said the attackers gained access to victim organizations through the software update mechanism of a network management product made by SolarWinds.
In a statement, SolarWinds said monitoring products it released in the middle of the year had been secretly weaponized in a “highly-sophisticated, targeted attack by a nation-state.”
People familiar with the matter, speaking anonymously, said the Russian group's espionage was conducted on a large scale. One said, "This is looking very, very bad."
SolarWinds products are used by more than 300,000 organizations worldwide. Notable customers include the U.S. military, the Pentagon, the State Department, the Justice Department, NASA, the Executive Office of the President, and the National Security Agency.
John Scott-Railton, a senior researcher at Citizen Lab at the University of Toronto's Munk School of Global Affairs and Public Policy, said the incident was a big deal. He added that the nature of the breach and the targets it reached gave officials even more reason to worry about what else the intruders might have compromised.
Scott-Railton said, “When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.”
Last week, FireEye reported that its own systems had been breached and that the intruders stole the hacking tools it uses to test its clients' defenses. FireEye and Microsoft investigated the breach together and found that the attackers had used updates to SolarWinds' Orion network monitoring software to gain access to several organizations.
Reports of intrusions at the Treasury and Commerce departments first surfaced on Sunday, along with claims that a foreign government-backed group was behind them. The SVR's link to the broader campaign had not previously been reported. The gravity of the situation prompted the National Security Council to hold an emergency meeting on Saturday.
John Ullyot, a spokesman for the National Security Council, said, "The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation." He did not say which country or group the government believes was responsible.
The group also targeted the National Telecommunications and Information Administration, the Commerce Department agency responsible for the country's Internet and telecommunications policy. The group has also been accused of attempting to steal sensitive coronavirus research, the Washington Post reported.
The group was also blamed for a massive espionage campaign in 2014 and 2015 that affected thousands of organizations, including government agencies, foreign embassies, energy companies, telecommunications firms, and universities. In that campaign it breached the unclassified email systems of the White House, the Pentagon's Joint Chiefs of Staff, and the State Department.
The White House cybersecurity coordinator at the time, Michael Daniel, said, “That was the first time we saw the Russians become much more aggressive, and instead of simply fading away like ghosts when they were detected, they actually contested access to the networks.”