Russian hackers are being accused of carrying out the biggest cyber-raid against the US for more than five years, targeting federal government networks in a sophisticated attack, according to American officials and sources.
The hackers, linked to Russian spy agencies, were able to monitor internal emails at the US Treasury and Department of Commerce and may have compromised other bodies, in what is being described as a highly sophisticated state-level attack.
Security agencies in the UK and elsewhere were also scrambling to assess the impact on their systems – while the revelation was deemed so grave it led to a national security council meeting at the White House over the weekend.
On Monday, the US national security council said it was working closely with the FBI and the Cybersecurity and Infrastructure Security Agency (Cisa) “to coordinate a swift and effective whole-of-government recovery and response to the recent compromise.”
The US has not formally named the country it believes is responsible, but multiple sources blamed Moscow, specifically a well-known Russian hacking group known as Cozy Bear.
Earlier this year the US, UK and Canada accused Cozy Bear of trying to steal coronavirus vaccine secrets from western researchers.
The group has been previously accused of trying to hack into White House and Democratic party systems in 2014 and 2015.
They compromised a little-known but strategically important corporate software management tool called SolarWinds, which is widely used by government agencies and businesses, in order to copy and steal data, in attacks that began as long ago as March.
Cybersecurity experts said that, from March, the hackers inserted their own code into the SolarWinds software used to carry out updates, without the company knowing.
This “supply chain attack” is extraordinarily difficult to detect, officials added, and allowed the operatives to gain access to sensitive systems without being detected.
The FBI is now investigating the breach at the Departments of Treasury and Commerce to assess the severity of the hack.