The Cybersecurity Infrastructure Security Agency and FBI are investigating a breach of at least two federal agencies believed to have been carried out by hackers likely working for Russia, according to a story first reported Sunday by Reuters.
According to the report, hackers have been monitoring internal emails at the Treasury Department and the National Telecommunications and Information Administration, a Commerce Department agency that creates internet policy.
The report suggests the breach of federal systems is related to a recent hack of cybersecurity firm FireEye, and posits the culprits used a “supply chain attack” to gain access to the systems. An unnamed official in the Reuters report further added that the “highly sophisticated” hackers were able to trick Microsoft’s email platform authentication controls. Multiple officials told the Washington Post that hackers may have breached the agencies through software updates of a network management system operated by Texas-based IT company SolarWinds.
Microsoft declined to comment Sunday.
SolarWinds released a statement Sunday acknowledging a possible vulnerability in one of their software products.
“We are aware of a potential vulnerability which if present is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products,” said Kevin Thompson, SolarWinds president and CEO, in a statement. “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigati ..
Support the originator by clicking the read the rest link below.
