List of known U.S. Russian cyber-espionage victims grows, includes cybersecurity agencies

The list of U.S. government agencies breached in a sophisticated, months-long cyber-espionage campaign grew Monday to include the State Department, the National Institutes of Health, parts of the Pentagon, and notably, the Department of Homeland Security, The New York Times reports.

"The fact that the department charged with safeguarding the country from physical and cyber attacks was victimized underscores the campaign's significance and calls into question the adequacy of federal cybersecurity efforts," The Washington Post notes. The Treasury Department and Commerce Department were the first federal agencies discovered to have been infiltrated. Russia's Foreign Intelligence Service (SVR) is believed to have carried out the stealthy digital espionage.

Top cybersecurity firm FireEye, counterproductively targeted by the Russian hackers, discovered the breach and traced it back to malware slipped into the software update of SolarWinds' popular Orion network management program. SolarWinds said Monday that fewer than 18,000 of its 300,000 clients had downloaded the infected malware starting in March. U.S. investigators are scrambling to figure out what and how much data the cyber-spies stole over those nine months.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

FireEye's Charles Carmakal said his team thinks "the number who were actually compromised were in the dozens," but "they were all the highest-value targets." John Hultquist, manager of analysis at FireEye, said the U.S. is currently "shutting the door" created by the malware, but the hackers still have access and "there are a lot of information-security teams right now who are probably going to be working on this problem through Christmas." Their visibility into their own servers will be limited because they needed to shut down the compromised SolarWinds software they had used to monitor their networks.

Aside from the "embarrassing breaches" at the Pentagon and Homeland Security, "the National Security Agency — the premier U.S. intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye," the Times reports. "The NSA itself uses SolarWinds software."