The U.S. government says hackers “likely Russian in origin” are responsible for breaching the networks of at least 10 U.S. federal agencies and several major tech companies, including FireEye and Microsoft.
In a joint statement published Tuesday, the FBI, the NSA, and Homeland Security’s cybersecurity advisory unit CISA said that the government was “still working to understand the scope” of the breach, but that the breach is likely an “intelligence gathering effort.”
The statement didn’t name the agencies, but the Treasury, State, and the Department of Energy are among those reported to be affected.
News of the widespread espionage campaign emerged in early December after cybersecurity giant FireEye, normally the first company that cyberattack victims will call, discovered its own network had been breached. Soon after, it was reported that several government agencies had been infiltrated.
All of the victims are customers of U.S. software firm SolarWinds, whose Orion network management tools are used across the U.S. government and Fortune 500 companies. FireEye said that hackers broke into SolarWinds’ network and pushed a tainted software update to its customers, allowing the hackers to easily break into any one of thousands of networks.
Some 18,000 customers downloaded the backdoored software update, but the government’s joint statement said that it believes only a “much smaller number have been compromised by follow-on activity on their systems.”
Several news outlets have reported that the hacks were carried out by a Russian intelligence group known as APT 29, or Cozy Bear, which has been linked to several espionage-driven attacks, including attempting to steal coronavirus vaccine research. Tuesday’s joint statement would be the first time the government acknowledged the likely culprit behind the campaign.
Russia had previously denied involvement with the hacks.