The same Russian government hacking group responsible for a security breach at FireEye compromised the Treasury and Commerce departments and other US government agencies, The Washington Post reported. The group, known as APT29, or Cozy Bear, was responsible for hacking the US State Department and the White House during the Obama administration, according to the Post, and is the group that officials believe targeted COVID-19 vaccine research over the summer.
Reuters reported that in addition to hacking Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA), the hackers may have breached other US government entities.
Government officials considered the hack dire enough that the National Security Council held an emergency meeting at the White House on Saturday.
An NSC spokesman told Reuters that the government was “aware” of the reports, adding “we are taking all necessary steps” to remedy the situation. It’s not yet clear exactly what information may have been stolen or which foreign government was involved. But the “highly sophisticated” hackers were able to break into NTIA’s Microsoft Office software, tricking authentication controls in order to monitor staff emails for months, according to Reuters.
Microsoft released details on the methods used in the hack, late Sunday night. Microsoft says the hackers operating on behalf of an external nation state compromised SolarWinds’ Orion monitoring and management software giving attackers a foothold in target networks. Intruders were then able to “impersonate any of the organization’s existing users and accounts, including highly privileged accounts.”
Both Microsoft and SolarWinds are making countermeasures available to customers to help detect, protect, and respond to the threat.
Several federal law enforcement agencies, including the FBI, are investigating the breach.
Update December 14th, 4:47AM ET: Added details provided by Microsoft and SolarWinds.