Nov 23, 2024

Breaches at US Treasury, Commerce & Others: Hack of federal agencies shows cyber dangers to supply chains

by Diane Lilli | Dec 28, 2020
Photo: The U.S. Department of the Treasury building viewed from the Washington Monument, Washington, D.C. (AP Photo/Patrick Semansky)

Hackers working on behalf of a foreign government, widely believed to be Russia, broke into numerous government agencies and networks, including the Commerce and Treasury Departments and several national security agencies. The hackers breached the agencies' protected email systems in a sophisticated attack that has left the federal government reeling.

On Saturday, the US Cybersecurity and Infrastructure Security Agency (CISA) said the computer intrusion “poses a grave risk” to federal, state, and local agencies, as well as to US companies and other organizations.

In a Cyber National Awareness alert this weekend, a statement warned, “The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

Even with all eyes on Russia because of expected interference in the 2020 presidential election, no one noticed the successful attacks on key federal agencies until the past week or two. Yet the intrusion had been ongoing for several months, since about March, though the government cannot say for certain on what date it began.

On Sunday night, in an emergency order to all government agencies, the Department of Homeland Security instructed them to shut down the SolarWinds network management software. The hackers gained access to victims' systems through the automatic updates of the SolarWinds software, which also affected numerous US companies.

Simultaneously, FireEye, a $3.5 billion Silicon Valley security company, discovered that it had also been breached. The hackers broke into FireEye's internal systems and gained access to its own security tools, including proprietary programs designed to stop security breaches. The intrusion also included access to US government agencies' systems holding sensitive information.

FireEye provides services to numerous US agencies, including the Department of Homeland Security, other US intelligence agencies, and numerous American companies.

John Ullyot, a spokesman for the National Security Council, said the government is investigating the breaches but did not officially identify Russia as their source.

“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” Ullyot said.

The attacks are expected to disrupt federal agencies and US corporations because of the actors' theft of high-level security information and their sophisticated knowledge of how to breach high-security systems.

CISA characterized the cyber hackers as demonstrating “sophistication and complex tradecraft in these intrusions. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging. This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks. It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered.”

The Department of Homeland Security, the FBI, and the Office of the Director of National Intelligence have created a special team to jointly investigate and respond to the government cyber breach, which may be the largest in history.


Diane Lilli
Diane Lilli is an award-winning Journalist, Editor, and Author with over 18 years of experience contributing to New Jersey news outlets, both in print and online. Notably, she played a pivotal role in launching the first daily digital newspaper, Jersey Tomato Press, in 2005. Her work has been featured in various newspapers, journals, magazines, and literary publications across the nation. Diane is the proud recipient of the Shirley Chisholm Journalism Award.
