US treasury suffers ‘serious’ cyber-attack

US treasury emails have been hacked by cyber criminals believed to be working for the Russian state, Reuters has reported.

According to Reuters, sources familiar with the matter said the cyber-attack was so serious that it led to a National Security Council meeting at the weekend.

National Security Council spokesman John Ullyot said it is “taking all necessary steps to identify and remedy any possible issues related to this situation.”

Although the US government has not openly identified who is behind the attack, three people familiar with the investigation said Russia was involved.

But in a statement on Facebook, the US Embassy of Russia denied that the country was involved, describing the allegation as “another unfounded attempt of the US media to blame Russia for hacker attacks,” adding that “malicious activities in the information space contradict the principles of Russian Foreign Policy.”

Reuters said that two people familiar with the attack said that the “breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.”

It’s believed that hackers got into the system by interfering with software updates released by IT company SolarWinds, which serves government customers across the executive branch, the military, and the intelligence services, according to two people familiar with the matter, Reuters said.

The hack works by “hiding malicious code in the body of legitimate software updates provided to targets by third parties.”

Kevin Bocek, vice president of security strategy and threat intelligence at Venafi, commented on the attack: “It should come as no surprise that sophisticated hackers like those from Russia are seeking to infiltrate the US government. What is shocking is that adversaries are now abusing the trust that powers software updates to attack broad swaths of the US government and economy. These attacks will escape detection from state-of-the-art defence because they come with trusted machine identities that give them extreme trust. It's the same method that powered Stuxnet.

“What hackers have known – and many security teams have not been aware of – is that developers must use machine identities to sign their code. But developers are easy prey. Once compromised, these machine identities convey trust for every software update. This was the secret weapon in the Stuxnet attack and subsequently against Microsoft, Carbon Black, Asus, and many others. And this is the same technology that's used in the US Treasury and makes sure Boeing and Airbus planes get trusted software updates just like your iPhone.”
