Russian hackers broke into the networks of the US Treasury and Commerce departments and compromised their data. News of the hacks, first reported by Reuters, came less than a week after FireEye disclosed that foreign government hackers had broken into its network and stolen the company’s own hacking tools.
Who were the attackers?
The Russian hackers, known by the nicknames APT29 or Cozy Bear, are said to have taken part in the hacking. The same Russian group hacked the State Department and the White House email servers during the Obama administration.
The FBI is investigating the case and had no comment as of Sunday. The victims included government, consulting, technology, telecom, and oil and gas companies in North America, Europe, Asia and the Middle East, according to FireEye, a cyber firm that itself was breached.
The Russian Embassy in Washington on Sunday called the reports of Russian hacking “baseless.” In a statement on Facebook it said, “Attacks in the information space contradict Russian foreign policy and national interests. Russia does not conduct offensive operations.”
National Security Council spokesperson John Ullyot said in a statement that the government was taking all necessary steps to identify and remedy any possible issues related to this situation.
The level of damage done
Hackers were able to break into the State Department’s email system back in 2014. They infected it so thoroughly that it had to be cut off from the internet while experts worked to eliminate the damage done.
Reuters earlier reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding internet and telecommunications policy.
The Treasury Department deferred comment to the National Security Council. A Commerce Department spokesperson confirmed a “breach in one of our bureaus. We have asked CISA and the FBI to investigate.”
The motive for the attack on the agency and the Treasury Department remains elusive, two people familiar with the matter said. One government official said it was too soon to tell how damaging the attacks were and how much material was lost, but according to several corporate officials, the attacks had been underway as early as this spring, meaning they continued undetected through months of the pandemic and the election season.