Russian Spies Hacked Treasury, Commerce Departments: Report

According to multiple reports published on Sunday, the Trump administration acknowledged that spies connected to the Russian government hacked into government networks at the Treasury and Commerce departments as early as this spring.

According to the Washington Post, the breaches of the government organizations occurred through the update server of the network management system SolarWinds, a tool with significant access to the workings of a given network, meaning that those who hacked in would have wide access once inside. At the moment, the motive for the attack is not known, though the hackers may have been in federal government systems as early as March. “This is a big deal,” according to cybersecurity expert John Scott-Railton, who spoke with the Post. “Given what we now know about where breaches happened, I’m expecting the scope to grow as more logs are reviewed. When an aggressive group like this gets an open sesame to many desirable systems, they are going to use it widely.”

Known by the monikers APT29 or Cozy Bear, the infiltrators are connected to Russian foreign intelligence, and broke into unclassified email servers at the State Department and the White House during the Obama administration. Earlier this summer, national security officials in the United Kingdom also warned that the group “has targeted various organisations involved in COVID-19 vaccine development in Canada, the United States and the United Kingdom, highly likely with the intention of stealing information and intellectual property relating to the development and testing of COVID-19 vaccines.”

So far, federal officials have only acknowledged a breach at the Commerce Department, which the Cybersecurity and Infrastructure Security Agency and the FBI are investigating. According to Reuters, the Commerce breach occurred in the agency that determines telecommunications policy, the National Telecommunications and Information Administration. It’s also unclear exactly when the intrusions began. However, Reuters reports that the breach was serious enough to warrant a National Security Council meeting on Saturday.
