US Treasury, Commerce Department breached, agency says
Two officials tell ABC News that Russia is believed to be behind the breach.
The U.S. Treasury Department and U.S. Department of Commerce were victims of a cyber breach, the agency and a source familiar with the breach confirmed to ABC News.
“We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time,” the Commerce Department said in a statement Sunday.
A source familiar with the investigation tells ABC News it was a sophisticated attack and that very few entities are capable of carrying out such an attack. Authorities are investigating and assessing who was behind the breach, which may reach beyond the Treasury and Commerce departments, but two government officials tell ABC News that Russia is believed to be behind the cyber intrusion.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” NSC spokesman John Ullyot told ABC News.
The Cybersecurity and Infrastructure Security Agency, an arm of the Department of Homeland Security, told ABC News it is assisting with the investigation.
“We have been working closely with our agency partners regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
CISA issued an emergency directive Sunday night to “mitigate the compromise” of the software used by the Treasury and Commerce departments.
SolarWinds, the company which provided the software for these agencies, says it's working with the FBI and law enforcement to get to the bottom of the breach.
"We are aware of a potential vulnerability which, if present, is currently believed to be related to updates which were released between March and June 2020 to our Orion monitoring products," SolarWinds President and CEO Kevin Thompson said in a statement. "We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state."
Under the Homeland Security Act, CISA can authorize emergency guidance directing federal departments that use the software to disconnect it from their servers.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” CISA Acting Director Brandon Wales said in a statement Sunday. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”