Suspected Russian hackers broke into U.S. government networks, including the Treasury and Commerce departments, in a major breach that may have been taking place for months.
National Security Council spokesperson John Ullyot said in a statement on December 13 that the government was “taking all necessary steps to identify and remedy any possible issues related to this situation.”
Reuters was the first to report on the breach.
Officials familiar with the matter said the hackers targeted the Treasury Department and the Commerce Department’s agency responsible for deciding internet and telecommunications policy. There is also concern networks at other government agencies may have been compromised.
The situation is so serious the National Security Council gathered at the White House on December 12, Reuters reported.
“This is a much bigger story than one single agency,” one of the people familiar with the matter told Reuters. “This is a huge cyber espionage campaign targeting the U.S. government and its interests.”
Reuters and The Washington Post, citing U.S. officials, said Russian government hackers are currently believed to be behind the attack.
The Federal Bureau of Investigation, the Department of Homeland Security’s cybersecurity arm, and other agencies are investigating.
The breach, which also involved the hackers spying on internal email traffic at the targeted agencies, may have been taking place for months and was only discovered now, officials said.
The revelation comes after U.S. cybersecurity firm FireEye on December 8 said that “a nation with top-tier offensive capabilities” broke into its network.
The hackers stole tools FireEye uses to test vulnerabilities in the computer networks of its customers, including federal, state, and local governments and top corporations.
Many in the cybersecurity community suspect the Russian intelligence-linked hacking group known as APT29, or Cozy Bear, was behind the FireEye attack.
The same group was behind attacks on the State Department and White House during the administration of President Barack Obama, as well as the hack of the Democratic National Committee’s servers during the 2016 presidential campaign.
With reporting by AP, Reuters, and The Washington Post.