Foreign hackers may be running rampant in the US government. Reuters sources said a group backed by a foreign government stole data from the Treasury Department and the internet policy-focused NTIA. While details are still limited, it was reportedly serious enough to prompt a National Security Council meeting at the White House on December 12th. Reporter Chris Bing said on Twitter that the attackers took emails from both agencies.
Intelligence officials were concerned that the hackers used a similar method to breach other government bodies, the tipsters said. There weren’t any clues as to who was responsible.
National Security Council spokesman John Ullyot didn’t directly confirm the hacks, but said the government was “aware” of reports and was “taking all necessary steps” to pinpoint and resolve any security issues.
Regardless of how sensitive the data was, the apparent incidents would represent serious violations of government security. It’s also not a good look for the current US administration. As Bing noted, this came just weeks after President Trump fired election cybersecurity director Chris Krebs for publicly debunking unsupported claims about voting system fraud. There isn’t a top cybersecurity official, either. Simply speaking, it comes at a moment when US leadership against these kinds of attacks is at a low point.
Update 12/13 5:30PM ET: The Washington Post’s connections claim Russia’s APT29, also known as Cozy Bear, is linked to the Treasury and NTIA hacks. The state-backed group targeted the White House and State Department during President Obama’s tenure, and has been tied to attempts to steal COVID-19 vaccine research. The hacking campaign has supposedly been running for months.