9 March, 2021

Russian hackers have been monitoring internal email traffic at the U.S. Treasury and Commerce departments, Reuters reported, citing people familiar with the matter, who added that they feared the hacks uncovered so far may be the tip of the iceberg.

U.S. officials have not said much publicly beyond the Commerce Department confirming there was a breach at one of its agencies and that they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate.

In a statement posted to Facebook, the Russian foreign ministry described the allegations as another unfounded attempt by the U.S. media to blame Russia for cyberattacks against U.S. agencies.

The breach presents a major challenge to the incoming administration of President-elect Joe Biden as officials investigate what information was stolen and try to ascertain what it will be used for. It is not uncommon for large-scale cyber investigations to take months or years to complete.

There is concern within the US intelligence community that the hackers who targeted the Treasury and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, according to four people briefed on the matter.

“This is a much bigger story than one single agency,” said one of the people familiar with the matter. “This is a huge cyber espionage campaign targeting the US government and its interests.”

The cyber spies are believed to have gotten in by surreptitiously tampering with updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter. The trick – often referred to as a “supply chain attack” – works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.