A multifaceted cyberattack was launched on the United States Treasury Department and the Commerce Department’s National Telecommunications and Information Administration (NTIA). The Trump Administration acknowledged reports that a group backed by a foreign government carried out a cyberattack. Russia is believed to be behind the attack but has so far denied allegations on Facebook. The foreign hackers have been monitoring internal emails of the US Treasury and Commerce departments are being described as, “highly sophisticated.”
The operators behind this highly developed and intricate cyberattack on the US are suspected to have interloped upon updates released by SolarWinds. SolarWinds is an IT company that serves most of America’s Fortune 500 companies, the top 10 US telecommunication providers, all five branches of the US military, the State Department, the National Security Agency, and the Office of the President of the United States, according to their website. The cyberattack is what is referred to as a “supply chain attack” where the hackers write malicious code into software updates provided to their targets by the third party, in this case SolarWinds. NTIA’s office software, Microsoft’s Office 365 was included in this cyberattack and staff emails at NTIA could have been monitored by the hackers for months.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) along with other federal agencies are all currently investigating the cyberattack and believe that the NTIA email compromise could have dated back to this summer. This cyber breach is more than an attack on one single US agency and is noted to be a “huge cyber espionage campaign targeting US government and its interests” since the attack was targeted towards multiple federal departments and agencies. The investigation could take months or even years to complete and is still in the early stages as the entire span of the breach is still uncertain.
More on this cyberattack can be found here.