Multiple federal agencies including the U.S. Treasury and Commerce departments were subject to a highly sophisticated cyber attack on Monday, U.S. officials told the Wall Street Journal.
The Russian foreign intelligence service is suspected of orchestrating the attack, one official familiar with the details said.
“The United States government is aware of these reports, and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot said in a statement.
The attack reportedly compromised several government agencies, and Russian hackers may have gained access to sensitive information from defense contractors and internal government communications and data. The Russian Embassy in the U.S. told the Journal that the allegations against the country were “unfounded attempts of the U.S. media to blame Russia.”
The hack was apparently orchestrated via a malicious software update from SolarWinds Inc., a Texas-based network management company. Defense contractor Booz Allen Hamilton and Lockheed Martin, as well as the U.S. Secret Service, National Security Agency, Defense Department, and Federal Reserve, all use SolarWinds products.
“We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state,” a SolarWinds spokesman told the Journal.
So-called supply chain attacks target computer products that are later introduced to networks of other businesses. The hacked SolarWinds software was updated to networks in May and June of 2020.
Security firm FireEye, which was hacked on Friday through the same breach in SolarWinds software, said that the attack constituted “top-tier operational tradecraft.”