Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of a global espionage campaign that stretches back months, multiple news outlets reported Sunday.
Reuters, which was first to report the story, said files were stolen from both agencies as a result of the incursion, though the extent of the attack was not immediately known.
The Washington Post reported that the attackers were Russian in origin.
“We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time,” an official with the Commerce Department told NBC News.
Other government agencies are believed to have been breached by the same group using the same techniques, people familiar with the situation told Reuters.
National Security Council (NSC) officials reportedly discussed the attacks at a recent emergency meeting. The agency confirmed in a statement to Reuters that it was aware of the reports of an attack and was investigating.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said NSC spokesman John Ullyot.
“I’m sorry I’m not there with them, but they know how to do this. This thing is still early, I suspect. Let’s let the pros work it,” Krebs tweeted Sunday.
“Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.”
As news breaks about what looks to be a pretty large-scale hack, I have the utmost confidence in the @CISAgov team and other Federal partners. I'm sorry I'm not there with them, but they know how to do this. This thing is still early, I suspect. Let's let the pros work it.
— Chris Krebs (@C_C_Krebs) December 13, 2020