Over the weekend, news leaked that federal law enforcement agencies are investigating a successful espionage-focused cyberattack against the U.S. government.
A U.S. Department of Commerce spokesperson made the following cryptic confirmation:
"We have asked CISA [Cybersecurity and Infrastructure Security Agency] and the FBI to investigate, and we cannot comment further at this time."
Reuters, which covered the story, talked to several sources who confirmed a number of things about the reported cyberattack:
One thing that remains unclear is how the successful cyberattack occurred and which technology or tools were compromised.
For example, the Washington Post says it was an IT network monitoring tool:
"All of the organizations were breached through a network management system called SolarWinds, according to three people familiar with the matter, who spoke on condition of anonymity because of the issue's sensitivity."
However, others told Reuters the hackers defeated Office 365 authentication for the attack:
"Hackers broke into the NTIA's office software, Microsoft's Office 365. Staff emails at the agency were monitored by the hackers for months, sources said."
One area where sources appear to agree is around which nation-state is most likely behind these attacks against the U.S. Treasury Department and the NTIA.
Russian hackers—most likely the hacking group APT29, known as Cozy Bear—are believed to be behind the attack. This group is linked to the Russian foreign intelligence service, or SVR.
And there is real concern that we are only looking at the tip of the iceberg in this case because other agencies may also be victims.
"This is a huge cyber espionage campaign targeting the U.S. government and its interests," a source told Reuters.
It sounds like a National Security Council meeting convened at the White House over the weekend to discuss the breach.
We'll update this story as we learn more.