Senator: SolarWinds hackers breached ‘dozens’ of Treasury email accounts
The fallout from a sweeping hacking campaign by suspected Russian operatives continued Monday as Sen. Ron Wyden said that the hackers had breached “dozens of email accounts” of officials at the Treasury Department.
The hackers “broke into systems in the Departmental Offices division of Treasury, home to the department’s highest-ranking officials,” Wyden said after Treasury officials briefed the Senate Finance Committee, where the Oregon Democrat serves as ranking member. “Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen.”
Multiple federal agencies, including the departments of Commerce and Homeland Security, are investigating breaches in the apparent espionage campaign, which has used tampered software made by federal contractor SolarWinds, but also has other vectors for breaking into systems.
The breach at Treasury began in July, and the full extent of it is still unknown, Wyden said in a statement. “Microsoft notified the agency that dozens of email accounts were compromised,” he said.
Asked for comment, a Treasury Department spokesperson referred CyberScoop to Treasury Secretary Steven Mnuchin’s comments to CNBC on Monday that the department had not “seen any large amounts of information displaced” because of the hack, and that the hackers had not broken into classified systems.
Wyden said that, according to the briefing, there was no evidence that taxpayer data at had been compromised.
The scope of the breach at the Commerce Department is gradually being revealed, too. The hackers breached some three dozen email accounts since June at Commerce’s National Telecommunications and Information Administration, a U.S. official familiar with the investigation said. It’s unclear what information they were after, but such email access could be valuable for espionage. The Wall Street Journal first reported on the scope of the NTIA email account breach.
“We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson said. “We have asked CISA [the Cybersecurity and Infrastructure Security Agency] and the FBI to investigate, and we cannot comment further at this time.”
Attorney General William Barr on Monday joined Secretary of State Mike Pompeo in saying evidence points to Russian involvement in the hacking campaign, contradicting President Donald Trump’s evidence-free claim that China could be responsible. Moscow has denied the allegations.
The scope of the potential compromise of the IT supply chain is staggering. Austin-based SolarWinds has numerous clients throughout the Fortune 500, and its software is used in critical infrastructure sectors such as electricity. Nonetheless, Kevin Mandia, whose cybersecurity firm FireEye discovered the hack, estimated that “only about 50 companies or organizations” were the true targets of the suspected intelligence operation.
While investigating the malicious seeding of SolarWinds software updates, researchers found evidence that a second hacking group had deployed code affecting SolarWinds software.