Energy Department finds SolarWinds-related malware on IT networks, says critical systems unaffected

DOE joins a growing list of federal agencies that have been affected by the hacking campaign

The Department of Energy on Thursday said it had found malicious software related to the breach of contractor SolarWinds on the department’s IT networks, making it the latest federal agency to be swept up in a hacking campaign reportedly tied to Russia.

“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” Department of Energy spokeswoman Shaylyn Hynes said in a statement.

DOE joins a growing list of federal agencies, including the departments of Homeland Security and Treasury, that have reportedly been breached in the hacking campaign. The cyber activity, which The Washington Post reported is connected to a Russian intelligence service, has involved using tampered software from Austin-based SolarWinds to gain persistent access to victim networks. SolarWinds’ software is also widely used in critical industries such as electricity, oil and gas, and manufacturing.

“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network,” Hynes added.


The Department of Homeland Security on Thursday said that the attackers are using other means, and not just the SolarWinds backdoor, to access victim networks. “[R]emoving this threat actor from compromised environments will be highly complex and challenging for organizations,” DHS’s Cybersecurity and Infrastructure Security Agency said in a public advisory.

The Russian government has denied involvement in the hacking campaign.

President-elect Joe Biden on Thursday said he had instructed his aides to learn everything they could about the hacking campaign, which could be one of the first big cybersecurity tests of his presidency.

The battle against the hackers is ongoing. Cybersecurity firm FireEye said on Wednesday that it had found a “killswitch” — or seized internet domain — that could be used to hamper the attackers’ ability to distribute the malware.

Politico reported earlier Thursday that the hacking campaign affected Department of Energy computer networks.

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.
