The White House on Sunday acknowledged reports that the U.S. Department of Treasury was hacked by a foreign government but offered few details about the cyber attack.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, a National Security Council spokesman, said in a statement.
According to one report from Reuters News Agency, hackers “backed by a foreign government have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.”
“There is concern within the U.S. intelligence community that the hackers who targeted the Treasury Department and the Commerce Department’s National Telecommunications and Information Administration used a similar tool to break into other government agencies, according to three people briefed on the matter. The people did not say which other agencies,” Reuters reported.
The cyber attack prompted an emergency meeting of the National Security Council at the White House on Saturday, one of the people familiar with the matter told the news agency.
A Department of Commerce spokesperson also confirmed the hack to NBC News. “We can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate, and we cannot comment further at this time,” a spokesperson for Commerce told NBC.
Meanwhile, The Washington Post linked the hack to a group working for the Russian foreign intelligence service.
“The FBI is currently investigating the group, known among private-sector cybersecurity firms as APT29 or Cozy Bear,” NBC reported. “The hackers are also believed to have breached the State Department, Joint Chiefs of Staff and the White House networks during the Obama administration. The Russian group is also thought to have carried out the DNC break-in during the 2016 U.S. Presidential Election.”
The hackers targeted office software, Microsoft’s Office 365, and sources told Reuters staff emails were monitored for months. “The hackers are ‘highly sophisticated’ and have been able to trick the Microsoft platform’s authentication controls, according to a person familiar with the incident, who spoke on condition of anonymity because they were not allowed to speak to the press,” Reuters reported.
A Treasury Department spokesperson deferred comment to the NSC, Fox News reported. “A spokesperson for the Commerce Department confirmed the breach, adding that it has ‘asked CISA and the FBI to investigate’ but declining to comment any further.” Microsoft declined a request for comment.
“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the spokesperson said.