US Treasury Hacked

Updated ET, Sat ,

The US Commerce Department confirmed Sunday it has been the victim of a data breach.

"We can confirm there has been a breach in one of our bureaus," the Commerce Department said in a statement to CNN. "We have asked CISA and the FBI to investigate, and we cannot comment further at this time."

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency also confirmed the data security incident, telling CNN in a statement, "We have been working closely with our agency partners regarding recently discovered activity on government networks."

"CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises," the statement continued.

Reuters was first to report on the data breach.

The Washington Post reported Sunday that Russian government hackers targeted Commerce as well as the Treasury Department and other government agencies, according to people familiar with the matter, who requested anonymity because of the sensitivity of the matter. The paper reported the FBI is investigating and that the same Russia-linked group breached the elite cybersecurity firm FireEye, which just last week disclosed an attack compromising the so-called "Red Team" tools it uses to protect cybersecurity clients, including government customers.

The U.S. government has acknowledged reports that hackers backed by a foreign government have breached the U.S. Treasury Department and an agency within the Commerce Department.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot told FOX Business in a statement.

According to Reuters, the elaborate cyber hack was launched on the Treasury Department as well as the Commerce Department’s National Telecommunications and Information Administration, or NTIA, a U.S. agency that is tasked with crafting internet and telecommunications policy. Sources told the outlet that the hack was so serious it led to a National Security Council meeting on Saturday.

Hackers reportedly used the organization's Microsoft Office 365 platform to monitor staff members emails for months.

A Treasury Deparment spokesperson deferred comment to the NSC. A spokesperson for the Commerce Department confirmed the breach, adding that it has "asked CISA and the FBI to investigate" but declining to comment any further.  A Microsoft spokesperson declined to comment to FOX Business.

The same Russian government hacking group responsible for a security breach at FireEye compromised the Treasury and Commerce departments and other US government agencies, The Washington Post reported. The group, known as APT29, or Cozy Bear, was responsible for hacking the US State Department and the White House during the Obama administration, according to the Post, and is the group that officials believe targeted COVID-19 vaccine research over the summer.

Reuters reported that in addition to hacking Treasury and the Commerce Department’s National Telecommunications and Information Administration (NTIA), the hackers may have breached other US government entities.

Government officials considered the hack dire enough that the National Security Council held an emergency meeting at the White House on Saturday.

An NSC spokesman told Reuters that the government was “aware” of the reports, adding “we are taking all necessary steps” to remedy the situation. It’s not yet clear exactly what information may have been stolen or which foreign government was involved. But the “highly sophisticated” hackers were able to break into NTIA’s Microsoft Office software, tricking authentication controls in order to monitor staff emails for months, according to Reuters.

Hackers backed by a foreign government have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

There is concern within the U.S. intelligence community that the hackers who targeted Treasury and the Commerce Department's National Telecommunications and Information Administration used a similar tool to break into other government agencies, according to three people briefed on the matter. The people did not say which other agencies.

"The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation," said National Security Council spokesman John Ullyot.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

The breach presents a major challenge to the incoming administration of Joe Biden as officials investigate what information was stolen and try to ascertain what it will be used for. It is not uncommon for large scale cyber investigations to take months or years to complete.

( )