The United States Commerce Department on Sunday confirmed that it had been the victim of a data breach with links to Russia.
Currently, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) are investigating the breach, as reported by CNN.
The hack is serious enough to have led to a National Security Council meeting at the White House on Saturday.
Reuters first reported the data breach, soon followed by The Washington Post, which claimed that Russian government hackers targeted the Commerce and Treasury departments, along with a few more government agencies.
National Security Council spokesman John Ullyot said that they "are taking all necessary steps to identify and remedy any possible issues related to this situation."
Additionally, the paper claimed that the same group hacked the elite cybersecurity firm FireEye, and that the FBI is now investigating that breach as well. Last week, FireEye’s “Red Team” tools were compromised.
According to a CNN report, Russian group APT29 was behind the FireEye data breach.
Russia’s aggressive cybersecurity campaign against the US has targeted both the public and private sectors.
Many claim that even though only the Commerce and Treasury departments have been identified so far, many more victims will crop up.
According to an advisory released by the National Security Agency last week, Russia’s state-backed actors were attempting to access data on protected government systems; the advisory urged that networks be patched.
In a Facebook statement, the Russian foreign ministry denied any such allegations and claimed that this is another attempt by the US media to pin cyberattacks on Russia.
The hackers got access to data by tampering with updates provided by the IT company SolarWinds, which manages government data across the military, intelligence services, and the executive.
According to Reuters, the breach was undertaken using a “supply chain attack”, whereby malicious code is embedded into legitimate software made by third parties.