Hackers backed by foreign government breach Treasury, Commerce departments: reports

Hackers linked to a foreign government breached systems belonging to the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA) within the Commerce Department, multiple news outlets reported Sunday.

Reuters, which was first to report the story, said files were stolen from both agencies as a result of the incursion, though the extent of the attack was not immediately known.

The Washington Post reported that the attackers were Russian in origin.

“We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time,” an official with the Commerce Department told NBC News. 

Other government agencies are believed to have been breached by the same group using the same techniques, people familiar with the situation told Reuters.

National Security Council (NSC) officials reportedly discussed the attacks at a recent emergency meeting. The agency confirmed in a statement to Reuters that it was aware of the reports of an attack and was investigating.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said NSC spokesman John Ullyot.

NSC officials did not immediately return a request for further comment from The Hill.

White House National Security Council comment:https://t.co/NaZbs0uwN6

— Chris Bing (@Bing_Chris) December 13, 2020

Officials with the Cybersecurity and Infrastructure Security Agency (CISA) also confirmed the breach to Reuters, saying officials there “have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

.@CISAgov comment->confirms breach: “We have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

— Chris Bing (@Bing_Chris) December 13, 2020

The news comes as CISA is operating under new leadership after President Trump fired its former director, Christopher Krebs, last month after Krebs insisted the 2020 election had been secure.

“I’m sorry I’m not there with them, but they know how to do this. This thing is still early, I suspect. Let’s let the pros work it,” Krebs tweeted Sunday.

“Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.”

Also, hacks of this type take exceptional tradecraft and time. On the 1st, if this is a supply chain attack using trusted relationships, really hard to stop. On the 2nd, I suspect this has been underway for many months. Need good detections to find victims and determine scope.

— Chris Krebs (@C_C_Krebs) December 13, 2020

Updated at 9:40 p.m.