Dec 23, 2024

Breaches at US Treasury, Commerce & Others: Hack of federal agencies shows cyber dangers to supply chains

by Diane Lilli | Dec 28, 2020
Aerial view of the U.S. Department of the Treasury building, surrounded by trees and urban landscape. Photo Source: The U.S. Treasury Department building viewed from the Washington Monument, Washington, D.C. (AP Photo/Patrick Semansky)

Cyber hackers working on behalf of a foreign government that is widely believed to be Russia broke into numerous government agencies and networks, including the Commerce, Treasury Departments, and several national security agencies. The cyber hackers breached the protected email systems in a sophisticated attack that has left the feds reeling.

On Saturday, the US Cybersecurity and Infrastructure Security Agency (CISA) said the computer intrusion “poses a grave risk” to US federal, state, local agencies, US companies, and organizations.

In a Cyber National Awareness alert this weekend, a statement warned, “The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations.”

Even with all eyes on Russia due to expected election interference during the 2020 presidential election, no one noticed the successful attacks being waged on key federal agencies until the past week or two. Yet the cyber hack had been ongoing for several months, since about March, though the government cannot say for sure exactly what date the intrusions began.

On Sunday night, in emergency orders to all government agencies, the Department of Homeland Security instructed them to shut down the operating system “Solar Winds” network management software. Hackers broke into the various systems of "Solar Winds" during automatic updates occurring on the SolarWinds systems, which also impacted numerous US companies.

Simultaneously, FireEye, a $3.5 Billion Silicon Valley security company, discovered they had also become victims of cyber hacking. The hackers broke into the FireEye internal systems, gaining access to FireEye's own security tools, including proprietary programs devised to stop security system breaches. This cyber intrusion included access to US government agencies' systems holding sensitive information.

FireEye provides services to numerous US agencies, including the Department of Homeland Security, other US intelligence agencies, and numerous American companies.

John Ullyot, a spokesman for the National Security Council, said the government is investigating the breaches but did not officially identify Russia as the cyber hacks' source.

“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said John Ullyot, a spokesman for the National Security Council.

The attacks are expected to disrupt federal agencies and US corporations due to the actors' theft of high-level security information and sophisticated knowledge of breaching high-security systems.

CISA characterized the cyber hackers as demonstrating “sophistication and complex tradecraft in these intrusions. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging. This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks. It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered.”

The Department of Homeland Security, the FBI and the Office of the Director of National Intelligence have created a special team to jointly combat and respond to the government cyber breach, which may be the largest in history.

Share This Article

If you found this article insightful, consider sharing it with your network.

Diane Lilli
Diane Lilli
Diane Lilli is an award-winning Journalist, Editor, and Author with over 18 years of experience contributing to New Jersey news outlets, both in print and online. Notably, she played a pivotal role in launching the first daily digital newspaper, Jersey Tomato Press, in 2005. Her work has been featured in various newspapers, journals, magazines, and literary publications across the nation. Diane is the proud recipient of the Shirley Chisholm Journalism Award.

Related Articles

Cars lined up at a gas station with people refueling after the Colonial Pipeline cyberattack, indicating fuel shortages.
Colonial Pipeline Latest Victim of Stepped-up Ransomware Attacks

Colonial Pipeline, which operates the United States’ largest fuel pipeline was shut down for days due to a cyberattack committed by a Russian hacker gang known as DarkSide. There have been gasoline shortages and spikes in the price of gas. The company released a statement on its website: "Colonial Pipeline... Read More »