After the news first broke on Sunday, the US Department of Homeland Security and a slew of businesses began on Monday to investigate and respond to a hacking campaign that officials suspect was directed by the Russian government. It is being speculated that the U.S. departments of Treasury and Commerce, parts of the Defense Department, the DHS, the State Department, and the National Institutes of Health were attacked by Russian hackers seeking to obtain secret information.
On Monday night, a day after Reuters reported the initial set of attacks, the New York Times reported that the hackers had also hit the U.S. departments of Treasury and Commerce, along with parts of the Defense Department. Three sources who knew about the situation told Reuters on Monday that emails sent by officials at DHS, which oversees border security and defense against hacking, were monitored by the hackers as part of the sophisticated series of breaches.
Department of Homeland Security spokesman Alexei Woltornist said the department is aware of reports of a breach and is currently investigating the matter. “The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response,” Woltornist said in a statement. Meanwhile, a Pentagon spokesman said, “For operational security reasons the DoD will not comment on specific mitigation measures or specify systems that may have been impacted.”
Hit hard by the cyber attacks is the technology company SolarWinds, which said that up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months. In response, the government issued an emergency warning on Sunday, ordering federal users to disconnect SolarWinds software, which it said had been compromised by “malicious actors.”
SolarWinds said in a regulatory disclosure that it believed the attack was the work of an “outside nation-state” that inserted malicious code into updates of its Orion network management software issued between March and June this year. “SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,” it said.
Investigators around the world are now trying to find out who was hit, while Moscow has denied having any connection to the attacks.