Branches of the Department of Defense and the State Department were among the agencies hacked as part of a massive espionage attack aimed at the federal government by a nation state that came to light this week.
The New York Times reported that both agencies were among the groups successfully breached by hackers as part of the attack on IT company SolarWinds, an Austin, Texas-based organization that said this week that hackers had accessed its Orion software between March and June of this year.
SolarWinds counts all five branches of the military among its customers, along with many other federal agencies and 425 of the U.S. Fortune 500 companies.
Reuters first reported on Sunday that the company had been hacked by a nation state, and that the Treasury Department and a Commerce Department agency had been among those successfully breached. On Monday, reports emerged that the Department of Homeland Security (DHS) had also been successfully breached.
Defense Department spokesperson Russell Goemaere said in a statement to The Hill that “the DoD is aware of the reports and is currently assessing the impact.”
Goemaere pointed to guidance and directives recently issued by the National Security Agency and the Joint Force Headquarters Department of Defense Information Network to help agencies defend against cyber threats.
“For operational security reasons the DoD will not comment on specific mitigation measures or specify systems that may have been impacted,” Goemaere said.
A spokesperson for the State Department declined to comment Tuesday.
The Washington Post reported Sunday that a Russian military intelligence hacking group known as “Cozy Bear” was responsible. The same group was previously accused of hacking into the State Department during the Obama administration, and of targeting COVID-19 vaccine research earlier this year.
Secretary of State Mike Pompeo on Monday described the incident as a “consistent effort by the Russians to try to get into American servers, not only those of government agencies but of businesses” during an interview with Breitbart News Radio on SiriusXM Patriot.
“We see this even more strongly from the Chinese Communist Party, from the North Koreans as well,” Pompeo said. “It’s an ongoing battle, an ongoing struggle to keep our systems safe, and I’m very confident the United States Government will keep our classified information out of the hands of these bad actors.”
The federal government began its response to the attacks over the past weekend, with the months-long espionage effort discovered as part of an investigation into the breach of cybersecurity company FireEye that was announced last week.
Bloomberg News reported Tuesday that National Security Advisor Robert O’Brien had cut short a trip to the Middle East and Europe to return to the U.S. and address the massive cybersecurity incident, and that O’Brien planned to convene “high-level” meetings to respond to the attack over the next few days.
On Tuesday, the National Security Council (NSC) announced that a “cyber unified coordination group” had officially been stood up to respond to the incident. The group was formed as a result of a 2016 executive order from former President Obama that laid out the federal government’s coordinated response to a debilitating cyberattack.
“A Cyber Unified Coordination Group (UCG) has been established to ensure continued unity of effort across the United States Government in response to a significant cyber incident,” NSC spokesperson John Ullyot said in a statement tweeted out by the NSC on Tuesday.
“The UCG process…