The U.S. Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA) have reportedly been hacked by a foreign government:
A foreign government-backed hacking group stole information from @USTreasury & @NTIAgov, & may have hacked other US government agencies, @Reuters reports.
The hack was deemed so serious it led to a National Security Council meeting at the WH on Saturday. https://t.co/ONtQOFiiar
— Kenneth P. Vogel (@kenvogel) December 13, 2020
According to these reports, “staff emails at the [NTIA] were monitored by hackers for months”:
From Reuters' story: "Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff emails at the agency were monitored by the hackers for months…"
The hackers were "able to trick the Microsoft platform’s authentication controls…" https://t.co/ULVSDaiG9G
— Eric Geller (@ericgeller) December 13, 2020
Other U.S. government agencies may have been breached, too:
BREAKING: a highly sophisticated hacking group has stolen emails from Treasury Department and Commerce's NTIA. Other USG agencies are believed to be breached by same group through similar technique.
Hacking operation is so serious that NSC had a recent emergency meeting
— Chris Bing (@Bing_Chris) December 13, 2020
The National Security Council released a statement saying they “are taking all necessary steps to identify and remedy any possible issues related to this situation”:
White House National Security Council comment: https://t.co/NaZbs0uwN6
— Chris Bing (@Bing_Chris) December 13, 2020
And:
.@CISAgov comment->confirms breach: “We have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
— Chris Bing (@Bing_Chris) December 13, 2020
Russia may be behind the attack:
.@nakashimae pushing reporting further. Seems that APT29/Russian intel SVR is behind it: https://t.co/V2rNEtfSDE
— Chris Bing (@Bing_Chris) December 13, 2020
The FBI is reportedly “on site” at the Commerce Department:
"The FBI's on site" at the Commerce Department, the parent agency of NTIA, per this official.
Emergency NSC meeting yesterday, this person said.
"It seems like it's gonna be a much bigger issue, but there's not a lot of firm understanding of how broad the scale is."
— Eric Geller (@ericgeller) December 13, 2020
COMMERCE CONFIRMS BREACH:
"We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time."-spokesperson.
— Chris Bing (@Bing_Chris) December 13, 2020
“The implication is that it’s a nation-state confrontation”:
In addition to the FBI, CISA is providing support, and ODNI and U.S. Cyber Command have gotten involved.
"When CyberCom starts getting involved in something, it's a big deal," U.S. official said. "The implication is that it's a nation-state confrontation."
— Eric Geller (@ericgeller) December 13, 2020
The cybersecurity firm FireEye was also reportedly breached:
Hearing that the way that FireEye was hacked is similar to how the government agencies are getting popped. Same group as well: apt29 – Russian intel service SVR https://t.co/LOhVPxcHKx
— Chris Bing (@Bing_Chris) December 13, 2020
We’ll keep you posted.
***