www.reuters.com Open in urlscan Pro
2600:9000:24d3:e600:15:5a3e:9d40:93a1  Public Scan

Form analysis
0 forms found in the DOM

Text Content

Discover Thomson Reuters

Directory of sitesLoginContactSupport
World

Business

Markets

Breakingviews
Video

More



for-phone-onlyfor-tablet-portrait-upfor-tablet-landscape-upfor-desktop-upfor-wide-desktop-up

Technology News
Invalid DateInvalid DateUpdated 2 years ago


SUSPECTED RUSSIAN HACKERS SPIED ON U.S. TREASURY EMAILS - SOURCES

By Christopher Bing

5 Min Read



WASHINGTON (Reuters) - Hackers believed to be working for Russia have been
monitoring internal email traffic at the U.S. Treasury and Commerce departments,
according to people familiar with the matter, adding they feared the hacks
uncovered so far may be the tip of the iceberg.


FILE PHOTO: A hooded man holds a laptop computer as cyber code is projected on
him in this illustration picture taken on May 13, 2017. REUTERS/Kacper
Pempel/Illustration

The hack is so serious it led to a National Security Council meeting at the
White House on Saturday, said one of the people familiar with the matter.

U.S. officials have not said much publicly beyond the Commerce Department
confirming there was a breach at one of its agencies and that they asked the
Cybersecurity and Infrastructure Security Agency and the FBI to investigate.

National Security Council spokesman John Ullyot added that they “are taking all
necessary steps to identify and remedy any possible issues related to this
situation.”

The U.S. government has not publicly identified who might be behind the hacking,
but three of the people familiar with the investigation said Russia is currently
believed to be responsible for the attack. Two of the people said that the
breaches are connected to a broad campaign that also involved the recently
disclosed hack on FireEye, a major U.S. cybersecurity company with government
and commercial contracts.

In a statement posted here to Facebook, the Russian foreign ministry described
the allegations as another unfounded attempt by the U.S. media to blame Russia
for cyberattacks against U.S. agencies.



The cyber spies are believed to have gotten in by surreptitiously tampering with
updates released by IT company SolarWinds, which serves government customers
across the executive branch, the military, and the intelligence services,
according to two people familiar with the matter. The trick - often referred to
as a “supply chain attack” - works by hiding malicious code in the body of
legitimate software updates provided to targets by third parties.

In a statement released late Sunday, the Austin, Texas-based company said that
updates to its monitoring software released between March and June of this year
may have been subverted by what it described as a “highly-sophisticated,
targeted and manual supply chain attack by a nation state.”

The company declined to offer any further detail, but the diversity of
SolarWind’s customer base has sparked concern within the U.S. intelligence
community that other government agencies may be at risk, according to four
people briefed on the matter.

SolarWinds says on its website that its customers include most of America’s
Fortune 500 companies, the top 10 U.S. telecommunications providers, all five
branches of the U.S. military, the State Department, the National Security
Agency, and the Office of President of the United States.

‘HUGE CYBER ESPIONAGE CAMPAIGN’

Related Coverage



Russia had nothing to do with suspected U.S. Treasury email snooping, says
Kremlin

The breach presents a major challenge to the incoming administration of
President-elect Joe Biden as officials investigate what information was stolen
and try to ascertain what it will be used for. It is not uncommon for large
scale cyber investigations to take months or years to complete.

“This is a much bigger story than one single agency,” said one of the people
familiar with the matter. “This is a huge cyber espionage campaign targeting the
U.S. government and its interests.”

Hackers broke into the NTIA’s office software, Microsoft’s Office 365. Staff
emails at the agency were monitored by the hackers for months, sources said.

A Microsoft spokesperson did not respond to a request for comment. Neither did a
spokesman for the Treasury Department.

The hackers are “highly sophisticated” and have been able to trick the Microsoft
platform’s authentication controls, according to a person familiar with the
incident, who spoke on condition of anonymity because they were not allowed to
speak to the press.



“This is a nation state,” said a different person briefed on the matter.

The full scope of the breach is unclear. The investigation is still its early
stages and involves a range of federal agencies, including the FBI, according to
three of the people familiar with the matter.

A spokesperson for the Cybersecurity and Infrastructure Security Agency said
they have been “working closely with our agency partners regarding recently
discovered activity on government networks. CISA is providing technical
assistance to affected entities as they work to identify and mitigate any
potential compromises.”

The FBI and U.S. National Security Agency did not respond to a request for
comment.

There is some indication that the email compromise at NTIA dates back to this
summer, although it was only recently discovered, according to a senior U.S.
official.

Reporting by Christopher Bing, Jack Stubbs, Joseph Menn, and Raphael Satter;
Editing by Chris Sanders, Daniel Wallis and Diane Craft

Our Standards: The Thomson Reuters Trust Principles.



Trending Stories


 * Apps
 * Newsletters
 * Advertise with Us
 * Advertising Guidelines
 * Cookies
 * Terms of Use
 * Privacy
 * Do Not Sell My Personal Information



All quotes delayed a minimum of 15 minutes. See here for a complete list of
exchanges and delays.

© 2023 Reuters. All Rights Reserved.
for-phone-onlyfor-tablet-portrait-upfor-tablet-landscape-upfor-desktop-upfor-wide-desktop-up








CCPA RIGHT TO OPT-OUT OF THE SALE OF YOUR PERSONAL INFORMATION

If you are a California consumer, you have the right, at any time, to direct a
business that sells your personal information to third parties to not sell your
personal information. This right is referred to as the right to opt-out. You may
exercise your right to opt-out of the sale of your personal information through
Reuters.com by clicking here. You do not have to create an account to exercise
this right.

Please note that opting-out may not mean you will stop seeing advertisements.
Additionally, in the event you opt-out under CCPA, but do not opt out of
interest-based advertising more generally, you may still receive advertisements
tailored to your interests based upon your Personal Information. For more
information about your rights as a California consumer and to learn more about
our use of interest-based advertising and additional opt-out choices, please see
our Privacy Statement.

When you visit our website, we store cookies on your browser to collect
information. The information collected might relate to you, your preferences or
your device, and is mostly used to make the site work as you expect it to and to
provide a more personalized web experience. However, you can choose not to allow
certain types of cookies, which may impact your experience of the site and the
services we are able to offer. Click on the different category headings to find
out more and change our default settings according to your preference. You
cannot opt-out of our First Party Strictly Necessary Cookies as they are
deployed in order to ensure the proper functioning of our website (such as
prompting the cookie banner and remembering your settings, to log into your
account, to redirect you when you log out, etc.). For more information about the
First and Third Party Cookies used please follow this link.
Allow All


MANAGE CONSENT PREFERENCES

STRICTLY NECESSARY COOKIES

Always Active
Strictly Necessary Cookies

These cookies are necessary for the website to function and cannot be switched
off in our systems. They are usually only set in response to actions made by you
which amount to a request for services, such as setting your privacy
preferences, logging in or filling in forms.    You can set your browser to
block or alert you about these cookies, but some parts of the site will not then
work. These cookies do not store any personally identifiable information.

 * FUNCTIONAL COOKIES
   
   Always Active
   
   These cookies enable the website to provide enhanced functionality and
   personalisation. They may be set by us or by third party providers whose
   services we have added to our pages.    If you do not allow these cookies
   then some or all of these services may not function properly.

SALE OF PERSONAL DATA

Always Active
Sale of Personal Data

Under the California Consumer Privacy Act, you have the right to opt-out of the
sale of your personal information to third parties. These cookies collect
information for analytics and to personalize your experience with targeted ads.
You may exercise your right to opt out of the sale of personal information by
using this toggle switch. If you opt out we will not be able to offer you
personalised ads and will not hand over your personal information to any third
parties. Additionally, you may contact our legal department for further
clarification about your rights as a California consumer by using this Exercise
My Rights link.

If you have enabled privacy controls on your browser (such as a plugin), we have
to take that as a valid request to opt-out. Therefore we would not be able to
track your activity through the web. This may affect our ability to personalize
ads according to your preferences.

 * PERFORMANCE COOKIES
   
   Always Active
   
   These cookies allow us to count visits and traffic sources so we can measure
   and improve the performance of our site. They help us to know which pages are
   the most and least popular and see how visitors move around the site.    All
   information these cookies collect is aggregated and therefore anonymous. If
   you do not allow these cookies we will not know when you have visited our
   site, and will not be able to monitor its performance.

 * TARGETING COOKIES
   
   Always Active
   
   These cookies may be set through our site by our advertising partners. They
   may be used by those companies to build a profile of your interests and show
   you relevant adverts on other sites.    They do not store directly personal
   information, but are based on uniquely identifying your browser and internet
   device. If you do not allow these cookies, you will experience less targeted
   advertising.

Reject All Confirm My Choices

Back Button

Back


PERFORMANCE COOKIES



Vendor Search Search Icon Filter Icon


Clear Filters

Information storage and access
Apply
Consent Leg.Interest

All Consent Allowed

Select All Vendors
Select All Vendors
All Consent Allowed

Reject All Confirm My Choices