A massive cyberattack potentially orchestrated by Russia infiltrated the U.S. agency in charge of America's nuclear weapons stockpile, officials directly familiar with the matter tell Politico.
The perpetrator seemingly accessed U.S. government systems via malware implanted in SolarWinds' Orion network management program — a flaw the cybersecurity company FireEye discovered and publicized last week. It seems dozens of U.S. departments and agencies had downloaded the update and were compromised, including the State Department, the National Institutes of Health, parts of the Pentagon, and notably, the Department of Homeland Security.
As Politico reports, that list also includes the Energy Department and its National Nuclear Security Administration, which reportedly found suspicious activity in networks belonging to some national labs, a field office, and the Federal Energy Regulatory Commission. As its name suggests, the NNSA maintains America's nuclear weapons stockpile. "The hackers have been able to do more damage at FERC than the other agencies," Politico reports, with officials saying they have "evidence of highly malicious activity" there.
DHS' Cybersecurity and Infrastructure Security Agency acknowledged the incident in a Thursday threat announcement. The attack came from "an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence," and likely can access government networks in other undiscovered ways, CISA said. It's unclear just who is responsible, but reports suggest Russia's Foreign Intelligence Service is behind the incident.