List of known U.S. Russian cyber-espionage victims grows, includes cybersecurity agencies

Peter Weber

December 15, 2020, 9:12 PM

The list of U.S. government agencies breached in a sophisticated, months-long cyber-espionage campaign grew Monday to include the State Department, the National Institutes of Health, parts of the Pentagon, and notably, the Department of Homeland Security, The New York Times reports.

"The fact that the department charged with safeguarding the country from physical and cyber attacks was victimized underscores the campaign's significance and calls into question the adequacy of federal cybersecurity efforts," The Washington Post notes. The Treasury Department and Commerce Department were the first federal agencies discovered to have been infiltrated. Russia's Foreign Intelligence Service (SVR) is believed to have carried out the stealthy digital espionage.

Top cybersecurity firm FireEye, counterproductively targeted by the Russian hackers, discovered the breach and traced it back to malware slipped into the software update of SolarWinds' popular Orion network management program. SolarWinds said Monday that fewer than 18,000 of its 300,000 clients had downloaded the infected malware starting in March. U.S. investigators are scrambling to figure out what and how much data the cyber-spies stole over those nine months.

FireEye's Charles Carmakal said his team thinks "the number who were actually compromised were in the dozens," but "they were all the highest-value targets." John Hultquist, manager of analysis at FireEye, said the U.S. is currently "shutting the door" created by the malware, but the hackers still have access and "there are a lot of information-security teams right now who are probably going to be working on this problem through Christmas." Their visibility into their own servers will be limited because they needed to shut down the compromised SolarWinds software they had used to monitor their networks.

Aside from the "embarrassing breaches" at the Pentagon and Homeland Security, "the National Security Agency — the premier U.S. intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye," the Times reports. "The NSA itself uses SolarWinds software."

List of known U.S. Russian cyber-espionage victims grows, includes cybersecurity agencies

US Treasury, Commerce Department breached, agency says

Russian hackers breach federal government, targeting multiple agencies

US agencies, companies secure networks after huge hack

US treasury and commerce departments targeted in cyber-attack

Russian Intelligence Suspected in Cyberattack on Federal Agencies

Government and industry reeling after Russian hackers pierce internal networks

Cybersecurity Stocks Rise, SolarWinds Plunges Amid Reports Of Russian Hacking

Suspected Russian hackers broke into US federal agencies and spied on emails in a 'highly sophisticated' cyberattack

3 Cybersecurity Stocks to Focus On Amid Reports Of Russian Hacking

Hackers, suspected to be backed by Russia, break into networks of U.S. agencies

What Investors Need To Know About The US Treasury Cyberattack

Blockchain Bites: Google Goes Down, Nexus CEO and US Treasury Get Hacked

Trump aide O'Brien cuts Europe trip short to deal with cyber hack

Why an obscure Texas company is at the center of a Russian hacking campaign