The U.S. Department of Commerce and U.S. Treasury Department were victims of a data breach, the agency confirmed Sunday night. The news broke out just days after U.S. officials warned that hackers linked to the Russian government were exploiting vulnerabilities to target sensitive data.
The Department of Homeland Security’s Cyber security and Infrastructure Security Agency also confirmed news of the cyber security breach.
The U.S. government has issued an emergency warning after it emerged that nation-state hackers had managed for several months to weaponize software used by most Fortune 500 companies and multiple federal agencies, as well as thousands of organizations globally.
The Department of Homeland Security issued a statement to confirm the news of the security breach, “We have been working closely with our agency partners regarding recently discovered activity on government networks.”
“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the statement continued.
According to The Washington Post, Russian government hackers targeted Department of Commerce as well as the Treasury Department and other government agencies, according to insider sources who request anonymity due to the gravity of the matter.
The FBI is currently investigating the security breach. According to the Post, the Russia-linked group that breached the top cyber security firm FireEye could be linked to the latest attack. The CNN previously reported that Russian-affiliated group APT29 could be behind the FireEye breach.
According to insider sources, it’s all interlinked.
Last week, the National Security agency published an advisory warning that Russian-state sponsored hackers accessed data on government systems and called for all networks, including the Defense Department’s to be fixed immediately.
Christopher Krebs, former Director for Cybersecurity and Infrastructure Security Agency, wrote in a tweet on Sunday that, “hacks of this type take exceptional tradecraft and time.”
SolarWinds, that company which provided the software for government agencies, is currently working with the law enforcement agencies to learn more about the security breach.
