The Department of Homeland Security, the State Department and the National Institutes of Health on Monday joined a growing list of government agencies targeted in a digital spying operation by Russia whose damage remains unclear but is thought to be extensive, the Washington Post reported late Monday.
The fact that the department responsible for keeping the nation safe from cyber attacks was victimized raises questions about the effectiveness of government efforts to protect against digital spying.
The list of victims of the cyberespionage had already included the Treasury and Commerce departments, but the list of targets is expanding and likely includes more federal agencies and numerous private companies, officials familiar with the matter told the Post.
In a federal securities filing on Monday, SolarWinds reported that “fewer than 18,000” of its customers may have been affected in the attack. The figure is just a fraction of the more than 300,000 customers worldwide of the maker of the popular network-management software, but still represents a significant group of important networks that includes the Pentagon and the White House. Russia has denied any role in the spying effort, the Post said.
According to the Post, DHS spokesman Alexei Woltornist said that the department is aware of reports of a breach and is investigating the matter.
The Russian Foreign Intelligence Service (SVR) is thought to be behind the campaign, which has been running since at least the spring. The hackers gained access to their victims’ systems by compromising routine software patches sent to these systems by SolarWinds.
Experts told the Post that the nature of the hacks indicated that the attackers were focused on high-value targets, although the spy effort so far appears to be the work of a part of Russian intelligence that has little known record of advancing online disinformation campaigns like the ones seen during the 2016 presidential elections.
FireEye, a top cybersecurity firm that was also breached, discovered through its own investigation that SolarWinds had been compromised. The firm described the victims as including “government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.”
“We anticipate there are additional victims in other countries and verticals,” the firm said.
Hackers stole potent cyberattack tools that FireEye used for research purposes, according to the Post.
John Hultquist, manager of analysis at FireEye, told the Post that intruders are “still in these organizations. There are a lot of information-security teams right now who are probably going to be working on this problem through Christmas.”
The details of what was taken in the Russian operation, and from whom, are not yet public. The operation dates at least as far back as March and was described as active as recently as Sunday.