List of known U.S. Russian cyber-espionage victims grows, includes cybersecurity agencies


The list of U.S. government agencies breached in a sophisticated, months-long cyber-espionage campaign grew Monday to include the State Department, the National Institutes of Health, parts of the Pentagon, and notably, the Department of Homeland Security, The New York Times reports.
"The fact that the department charged with safeguarding the country from physical and cyber attacks was victimized underscores the campaign's significance and calls into question the adequacy of federal cybersecurity efforts," The Washington Post notes. The Treasury Department and Commerce Department were the first federal agencies discovered to have been infiltrated. Russia's Foreign Intelligence Service (SVR) is believed to have carried out the stealthy digital espionage.
Top cybersecurity firm FireEye, counterproductively targeted by the Russian hackers, discovered the breach and traced it back to malware slipped into the software update of SolarWinds' popular Orion network management program. SolarWinds said Monday that fewer than 18,000 of its 300,000 clients had downloaded the infected malware starting in March. U.S. investigators are scrambling to figure out what and how much data the cyber-spies stole over those nine months.
The Week
Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

Sign up for The Week's Free Newsletters
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.
FireEye's Charles Carmakal said his team thinks "the number who were actually compromised were in the dozens," but "they were all the highest-value targets." John Hultquist, manager of analysis at FireEye, said the U.S. is currently "shutting the door" created by the malware, but the hackers still have access and "there are a lot of information-security teams right now who are probably going to be working on this problem through Christmas." Their visibility into their own servers will be limited because they needed to shut down the compromised SolarWinds software they had used to monitor their networks.
Aside from the "embarrassing breaches" at the Pentagon and Homeland Security, "the National Security Agency — the premier U.S. intelligence organization that both hacks into foreign networks and defends national security agencies from attacks — apparently did not know of the breach in the network-monitoring software made by SolarWinds until it was notified last week by FireEye," the Times reports. "The NSA itself uses SolarWinds software."
A free daily email with the biggest news stories of the day – and the best features from TheWeek.com
Peter has worked as a news and culture writer and editor at The Week since the site's launch in 2008. He covers politics, world affairs, religion and cultural currents. His journalism career began as a copy editor at a financial newswire and has included editorial positions at The New York Times Magazine, Facts on File, and Oregon State University.
-
An introvert's dream? Flu camps that offer £4,400 to spend two weeks alone
Under The Radar A fortnight in isolation may not be as blissful as it sounds
-
Can Trump put his tariffs on stronger legal footing?
Today's Big Question Appeals court says 'emergency' tariffs are improper
-
Film reviews: The Roses, Splitsville, and Twinless
Feature A happy union devolves into domestic warfare, a couple's open marriage reaps chaos, and an unlikely friendship takes surprising turns
-
New York court tosses Trump's $500M fraud fine
Speed Read A divided appeals court threw out a hefty penalty against President Trump for fraudulently inflating his wealth
-
Trump said to seek government stake in Intel
Speed Read The president and Intel CEO Lip-Bu Tan reportedly discussed the proposal at a recent meeting
-
US to take 15% cut of AI chip sales to China
Speed Read Nvidia and AMD will pay the Trump administration 15% of their revenue from selling artificial intelligence chips to China
-
NFL gets ESPN stake in deal with Disney
Speed Read The deal gives the NFL a 10% stake in Disney's ESPN sports empire and gives ESPN ownership of NFL Network
-
Samsung to make Tesla chips in $16.5B deal
Speed Read Tesla has signed a deal to get its next-generation chips from Samsung
-
FCC greenlights $8B Paramount-Skydance merger
Speed Read The Federal Communications Commission will allow Paramount to merge with the Hollywood studio Skydance
-
Tesla reports plummeting profits
Speed Read The company may soon face more problems with the expiration of federal electric vehicle tax credits
-
Dollar faces historic slump as stocks hit new high
Speed Read While stocks have recovered post-Trump tariffs, the dollar has weakened more than 10% this year