Hackers broke into the networks of the Treasury and Commerce departments as part of a monthslong global cyberespionage campaign revealed Sunday, just days after the prominent cybersecurity firm FireEye said it had been breached in an attack that industry experts said bore the hallmarks of Russian tradecraft.
In response to what may be a large-scale penetration of US government agencies, the Department of Homeland Security’s cybersecurity arm issued an emergency directive calling on all federal civilian agencies to scour their networks for compromises. The threat apparently came from the same cyberespionage campaign that has afflicted FireEye, foreign governments and major corporations, and the FBI was investigating.
“This can turn into one of the most impactful espionage campaigns on record,” said cybersecurity expert Dmitri Alperovitch, cited by AP. The apparent conduit for the Treasury and Commerce Department hacks — and the FireEye compromise — is a hugely popular piece of server software called SolarWinds.
On its website, SolarWinds says its 300,000 customers worldwide include all five branches of the US military, the Pentagon, the State Department, NASA, the National Security Agency, the Department of Justice and the White House. It says the 10 leading US telecommunications companies and top five US accounting firms are also among customers.