The email systems of several government agencies including the U.S. Departments of Treasury and Commerce were breached and monitored by foreign actors most likely connected to the Russian government, the Trump administration acknowledged December 13, 2020.
“Highly sophisticated” threat actors were apparently able to compromise authentication protocols used by Microsoft’s Office suite of applications, including Word, Outlook, and Excel, according to the Washington Post.
The same report pointed to SolarWinds, a network management system and company based in Austin, Texas, as the entry point for the hacks. The company’s customers include all five branches of the U.S. military, the Pentagon, the State Department, NASA, the NSA, the Department of Justice, and the top five accounting firms in the U.S., according to its website.
“We are aware of a potential vulnerability which if present is currently believed to be related to updates… to our Orion monitoring products,” said a statement from SolarWinds President and CEO Kevin Thompson issued December 13, 2020.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state… We are acting in close coordination with FireEye,” the report indicated.
FireEye, a global leader in cybersecurity research and defense, announced that it had been breached earlier last week.
Reports from the Washington Post and the New York Times both suggest that the group behind these attacks is APT29, or “Cozy Bear,” the same group responsible for hacks of the State Department and the Executive Branch during the Obama administration.