Foreign hackers have breached the networks of the US Department of Energy and National Nuclear Security Administration, according to separate reports from Politico and Bloomberg. While there aren’t many details on what happened just yet, it’s believed at least three states were also hacked in connection to the cybersecurity attack.
Federal investigators have spent the last few days trying to piece together what happened. Officials at the two agencies, the latter of which maintains the country’s nuclear weapon stockpile, reportedly don’t know if the hackers were able to access anything. Moreover, it may take weeks before they have a sense of the full extent of the damage. It’s believed the hackers gained access to the networks through the software of SolarWinds, a company that sells IT management for a variety of public- and private-sector organizations. Reuters reports Microsoft may have been a victim as well.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Director of National Intelligence said in a joint statement. They haven’t identified a perpetrator yet, but cybersecurity experts Politico and Bloomberg spoke to say the incident has all the hallmarks of Russia’s intelligence services. The country has so far denied any involvement in the attack.
Russia’s APT29, which is also known as Cozy Bear, has been highly active over the last month. The state-sponsored group is linked to the recent Treasury Department and NTIA attacks. It’s also believed to have been behind the theft of cybersecurity firm FireEye’s tools. The attacks come at a time when the US doesn’t have much in the way of cybersecurity leadership. President Trump recently fired CISA director Christopher Krebs for publicly debunking unsupported claims about voting system fraud. The country is also without a top cybersecurity official.