Hackers who targeted the federal government appear to be part of a Russian intelligence campaign aimed at multiple U.S. agencies and companies, including the cybersecurity company FireEye, officials said Sunday.
A Commerce Department spokesman confirmed a breach, saying it occurred at an unidentified bureau.
Department officials alerted the FBI and a cybersecurity agency within the Department of Homeland Security, the spokesman said, declining to comment further.
The White House National Security Council also confirmed that it was looking into another potential intrusion at the Treasury Department after Reuters reported that foreign government-backed hackers accessed internal government emails.
The hackers appear to have gotten access by first breaking into SolarWinds, an Austin-based company that provides remote information technology services to an long list of clients around the world, including a number of U.S. government agencies and major corporations.
The U.S. Cybersecurity and Infrastructure Security Agency issued a rare emergency directive Sunday night, instructing federal agencies to immediately stop using the version of SolarWinds products.
The company’s president and CEO, Kevin Thompson, said in an emailed statement: “We believe that this vulnerability is the result of a highly-sophisticated, targeted and manual supply chain attack by a nation state. We are acting in close coordination with FireEye, the Federal Bureau of Investigation, the intelligence community, and other law enforcement to investigate these matters. As such, we are limited as to what we can share at this time.”
In a filing to the Securities and Exchange Commission, SolarWinds reported that it had informed 33,000 customers that they may have been affected, and estimated that “fewer than 18,000” could have potentially been compromised.
The Washington Post first reported that the Russia’s Foreign Intelligence Service, or SVR, carried out the attack by hacking SolarWinds.
Among the SVR’s targets was FireEye, a major U.S. cybersecurity company with extensive government contracts, The Post reported. The company’s CEO said last week that it had been hacked “by a nation with top-tier offensive capabilities.”
A private cybersecurity official briefed on the matter confirmed the SVR’s involvement to NBC News.
FireEye CEO Kevin Mandia said the hackers’ primary goal appeared to be to steal information from the company’s government clients.
The Russian Embassy in Washington called news of the breach “groundless attempts by the American media to accuse Russia of hacking attacks on U.S. government bodies.”
“Attacks in the information space do not correspond to the foreign policy principles of our country, its national interests and understanding of how relations between states are built,” the statement continued, adding that Russia does not conduct “offensive operations in the virtual environment.”
It wasn’t clear how much information the hackers accessed, although the company said they obtained tools used by FireEye’s Red Team, the section tasked with defending against new cyberattacks.
The Post reported that the Commerce Department breach targeted Solar Winds, an information technology system used by tens of thousands of organizations. NBC News hasn’t independently confirmed the report.
The FBI and the National Security Agency declined to comment Sunday.
In a statement, the Homeland Security Department’s cybersecurity agency said it was investigating “recently discovered activity on government networks.”
The agency said it was providing technical assistance to help blunt potential compromises.