John Ullyot, senior director for strategic communications at the National Security Council, commented on the serious assault on data of the U.S. Treasury Department and other state entities, which brought together White House agencies on an emergency basis.
“The U.S. government is aware of these reports and we are taking all necessary steps to identify and remedy any possible problems related to this situation,” Ullyot said, according to Reuters on Dec. 13.
The high-level hackers are backed by foreign governments, according to specialists, and were targeting data from the Commerce Department’s National Telecommunications and Information Administration (NTIA).
The intrusion into the NTIA has been going on for months, and was achieved by hacking into the authentication process of Microsoft Office 365, Forbes reported.
Among the emergency measures taken, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-01, requesting that all civilian federal agencies check their networks for indicators of compromise and immediately disconnect or shut down SolarWinds Orion products.
“The compromise of SolarWinds Orion network management products poses unacceptable risks to the security of federal networks,” said CISA acting Director Brandon Wales.
In response to this directive, all agencies operating SolarWinds products, which are server software, are expected to report to CISA by 12 p.m. Eastern Standard Time on Monday, Dec. 14, 2020.
A few days before the data theft at the Treasury Department, the cybersecurity firm FireEye reported that its systems had been breached. This case is being investigated by the FBI.
FireEye handles data for federal, state, and local governments, and major global corporations.
“This may become one of the most shocking spying campaigns on record,” said cybersecurity expert Dmitri Alperovitch, according to The Associated Press.
SolarWinds is used in the systems of 300,000 global organizations and many U.S. federal agencies, including the military, the Pentagon, the State Department, NASA, the National Security Agency, the Justice Department, and the White House.
This case of hacking is particularly sensitive at a time when U.S. election results are severely disrupted by a host of frauds, involving the Chinese Communist Party, Russia, and Iran.