Branches of the Department of Defense and the State Department were among the agencies hacked as part of a massive nation-state espionage attack aimed at the federal government that came to light this week.
The New York Times reported that both agencies were among the groups successfully breached by hackers as part of the attack on IT company SolarWinds, an Austin, Texas-based company that said this week that hackers had accessed its Orion software between March and June of this year.
SolarWinds counts all five branches of the military among its customers, along with many other federal agencies and 425 of the U.S. Fortune 500 companies.
Reuters first reported on Sunday that the company had been hacked by a nation state, and that the Treasury Department and a Commerce Department agency had been among those successfully breached. On Monday, reports emerged that the Department of Homeland Security (DHS) had also been successfully breached.
Defense Department spokesperson Russell Goemaere said in a statement to The Hill that “the DoD is aware of the reports and is currently assessing the impact.”
Goemaere pointed to guidance and directives recently issued by the National Security Agency and the Joint Force Headquarters Department of Defense Information Network to help agencies defend against cyber threats.
“For operational security reasons the DoD will not comment on specific mitigation measures or specify systems that may have been impacted,” Goemaere said.
A spokesperson for the State Department declined to comment Tuesday.
The Washington Post reported Sunday that a Russian military intelligence hacking group known as “Cozy Bear” was responsible. The same group was previously accused of hacking into the State Department during the Obama administration, and of targeting COVID-19 vaccine research earlier this year.
Secretary of State Mike Pompeo on Monday described the incident as a “consistent effort by the Russians to try to get into American servers, not only those of government agencies but of businesses” during an interview with Breitbart News Radio on SiriusXM Patriot.
“We see this even more strongly from the Chinese Communist Party, from the North Koreans as well,” Pompeo said. “It’s an ongoing battle, an ongoing struggle to keep our systems safe, and I’m very confident the United States Government will keep our classified information out of the hands of these bad actors.”
The federal government began its response to the attack over the past weekend, after the months-long espionage effort was discovered as part of an investigation into the breach of cybersecurity company FireEye that was announced last week.
Bloomberg News reported Tuesday that National Security Advisor Robert O’Brien had cut short a trip to the Middle East and Europe to return to the U.S. and address the massive cybersecurity incident, and that O’Brien planned to convene “high-level” meetings to respond to the attack over the next few days.
On Tuesday, the National Security Council (NSC) announced that a “cyber unified coordination group” had officially been stood up to respond to the incident. The group was formed under a 2016 executive order from former President Obama that laid out the federal government’s coordinated response to a debilitating cyberattack.
“A Cyber Unified Coordination Group (UCG) has been established to ensure continued unity of effort across the United States Government in response to a significant cyber incident,” NSC spokesperson John Ullyot said in a statement tweeted out by the NSC on Tuesday.
“The UCG process facilitates continuous and comprehensive coordination for whole-of-government efforts to identify, mitigate, remediate, and respond to this incident,” he added. “The highly-trained and experienced professionals across the government are working diligently on this matter.”
The announcement of the UCG came the day after the NSC confirmed that it was working with the FBI, DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the intelligence community to respond to the incident.
CISA put out an emergency directive on Sunday night ordering federal agencies to disconnect systems from SolarWinds software by Monday afternoon in an effort to respond immediately to the incident.
In a filing with the Securities and Exchange Commission on Monday, SolarWinds noted that around 18,000 customers were likely impacted by the attack, which involved the hackers exploiting a vulnerability in Orion software updates sent to customers earlier this year.
Lawmakers on both sides of the aisle have expressed extreme alarm over the incident, which is already being viewed as one of the largest cybersecurity incidents in U.S. history.
The Senate Commerce Committee was briefed by the Commerce Department on Monday on the issue, while the Senate Armed Services Committee’s cybersecurity subcommittee received a classified briefing from the Department of Defense on its cybersecurity operations on Tuesday.
“Cyberattacks by nation states like Russia and China threaten our economy and national security. Our response should be swift and clear,” Senate Commerce Committee Chairman Roger Wicker (R-Miss.) and Sens. John Thune (R-S.D.) and Jerry Moran (R-Kan.) said in a joint statement following the Commerce Department briefing.