White House confirms cyberattack report on U.S. Treasury by foreign government
The NSA met with the White House on Saturday regarding the matter
By Lucas Manfredi FOXBusiness
The U.S. government has acknowledged reports that hackers backed by a foreign government have breached the U.S. Treasury Department and an agency within the Commerce Department.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot told FOX Business in a statement.
According to Reuters, the elaborate cyber hack was launched on the Treasury Department as well as the Commerce Department’s National Telecommunications and Information Administration, or NTIA, a U.S. agency that is tasked with crafting internet and telecommunications policy. Sources told the outlet that the hack was so serious it led to a National Security Council meeting on Saturday.
Hackers reportedly used the organization's Microsoft Office 365 platform to monitor staff members emails for months.
A Treasury Deparment spokesperson deferred comment to the NSC. A spokesperson for the Commerce Department confirmed the breach, adding that it has "asked CISA and the FBI to investigate" but declining to comment any further. A Microsoft spokesperson declined to comment to FOX Business.
The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, or CISA, said in a statement that the agency has been working closely with its partners regarding "recently discovered activity on government networks."
"CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the spokesperson added.
An FBI spokesperson said it can "neither confirm nor deny details related to any ongoing investigation," citing the agency's standard practice.
The announcement comes less than a month after President Donald Trump fired Christopher Krebs, the nation’s top cybersecurity official. Krebs, who oversaw CISA, was responsible for leading the effort to protect U.S. elections.
CISA ISSUES EMERGENCY DIRECTIVE TO MITIGATE THE COMPROMISE OF SOLARWINDS ORION NETWORK MANAGEMENT PRODUCTS
Original release date: December 13, 2020 | Last revised: December 14, 2020
WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.
