Suspected Russian hackers spied on U.S. Treasury emails
According to sources at the White House, the National Security Council met on Saturday to discuss a recent hack affecting US agencies and likely perpetrated by Russia. US officials have offered little further information besides confirming that there was a breach within the Commerce Department that is being investigated by the FBI and Cybersecurity and Infrastructure Security Agency. The breaches are interconnected with a recent hack on FireEye, a major US cybersecurity company and government contractor.
The Russian foreign ministry has denied the allegations, calling them an unfounded attempt by the US media to blame Russia for cyberattacks. However, vulnerabilities in SolarWinds, software used by the military, intelligence services, and the executive branch, may have been exploited to conduct the attacks. The threat actors likely carried out a supply chain attack by hiding malicious code in software updates. SolarWinds has confirmed that its software released between March and June of this year may have been tampered with.