Has the U.S. government been hacked again? According to a Reuters report on the 14th, the U.S. Treasury Department and the Commerce Department’s National Telecommunications and Information Administration (NTIA) have been hacked by foreign hackers.
At present, this news has been confirmed by the U.S. government, and the Federal Bureau of Investigation (FBI) and other agencies are involved in the investigation. Not surprisingly, many Western media outlets pointed to Russia as the mastermind.
Sources revealed that hackers broke into Microsoft’s Office 365, the office software used by NTIA, and that the internal email traffic of the agency’s personnel was monitored for months.
Another senior U.S. government official also said that there were signs that the surveillance of NTIA emails could be traced back to this summer, but it was only recently discovered.
According to a source, these hackers are “very sophisticated” and were able to deceive the authentication controls of the Microsoft platform.
The incident was far from a simple attack on a single agency, the source also said: “it was a massive cyber espionage campaign against the U.S. government and its interests.”
Four other sources also confirmed this statement.
They revealed that the U.S. intelligence community was worried that the incident was not isolated, and that the hackers who attacked the U.S. Treasury Department and NTIA used similar methods to break into other government agency networks. Several federal agencies, including the FBI, have intervened in the investigation, which is still in its infancy.
A source said that because of the seriousness of the situation, the National Security Council (NSC) also held a meeting at the White House on Saturday (12th).
At present, this incident has been confirmed by the U.S. government.
John Ullyot, spokesman of the National Security Council, responded in a statement, “The U.S. government has taken note of this matter. We are taking all necessary means to identify and resolve any possible issues related to this.”
The U.S. Department of Commerce also confirmed in a statement that one of its institutions “was invaded”.
The statement said that the Department of Commerce has asked the Cybersecurity and Infrastructure Security Agency (CISA) of the U.S. Department of Homeland Security and the FBI to investigate.
In response, a CISA spokesperson said the agency was already working closely with partners to investigate the matter, Fox Business Channel reported. CISA is providing technical assistance to entities affected by the incident to identify and mitigate any potential hazards.
The FBI said that they were “unable to confirm or deny the details related to the ongoing investigation”.
Although the U.S. government did not specify the origin of the hacker attack, Western media have pointed the finger at Russia.
Reuters reported, citing three sources familiar with the investigation, that Russia is currently believed to be the mastermind behind the cyber attack. Another source said that “a government” was behind the incident.
The Washington Post also linked the incident to Russia in a report on the 14th.
According to the report, the cyber attack involved a hacker organization under the Russian intelligence agency that private companies call “APT29” or “Cozy Bear”, which invaded the networks of the U.S. State Department, the Joint Chiefs of Staff and the White House during the Obama administration.
Just last Tuesday (8th), FireEye, a large U.S. cybersecurity company, disclosed that its network had been invaded by APT29.
Reuters described the incident as a huge challenge to the incoming Biden administration; large-scale online investigations often take months or even years to complete.
Government officials are busy investigating which information has been leaked and trying to confirm what the information will be used for.
It is worth mentioning that a week ago, Krebs, the former director of CISA, who had been out of office for more than half a month, hyped up cyber attacks.
At that time, Krebs claimed in a media interview that Russia, China, Iran and North Korea were trying to “steal” the intellectual property of the coronavirus vaccine through “espionage”.