Suspected Russian Hackers Reportedly Breached US Government Agencies
Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, according to people familiar with the matter.
The group, known as APT29, or Cozy Bear, was responsible for hacking the US State Department and the White House during the Obama administration, according to the Post, and is the group that officials believe targeted COVID-19 vaccine research over the summer.
Reuters reported that in addition to hacking Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA), the hackers may have breached other US government entities.
The U.S. government has not publicly identified who might be behind the hacking, but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack. Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.
The Russian foreign ministry did not immediately return a message seeking comment late Sunday.
The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick – often referred to as a “supply chain attack” – works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.
In a statement released late Sunday, the Austin, Texas-based company said that updates to its monitoring software released between March and June of this year may have been subverted by what it described as a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”