U.S. Nuclear weapons agency breached by hackers. Is America under attack by state-sponsored actors?
Is America under attack by state-sponsored actors? Just two days ago, the Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive calling on all federal civilian agencies to review their networks for indicators of compromise and to disconnect or power down SolarWinds Orion products immediately.
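The directive's first practical step is knowing where Orion is installed. The following PowerShell is an added example, not part of CISA's directive or of this article: it inventories SolarWinds components on a Windows host from the registry uninstall keys and the service list, and optionally stops running SolarWinds services. The `*SolarWinds*` name patterns and the `ORION_ISOLATE` opt-in variable are assumptions for illustration, and stopping services is not the same as the directive's disconnect-or-power-down action; it only keeps the software from running until the host can be taken off the network.

```powershell
# Added example: find SolarWinds Orion installs and services on this host.
# Name patterns and the ORION_ISOLATE switch are assumptions, not from CISA.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Installed products whose display name mentions SolarWinds (assumed pattern)
$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SolarWinds*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate, InstallLocation

# Services registered by the product (assumed pattern)
$services = Get-Service -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SolarWinds*' -or $_.Name -like 'SolarWinds*' } |
    Select-Object Name, DisplayName, Status

if ($installed -or $services) {
    Write-Output "SolarWinds components present on ${env:COMPUTERNAME}:"
    $installed | Format-Table -AutoSize
    $services  | Format-Table -AutoSize

    # Opt-in containment: stop running services but do not uninstall, so the
    # binaries stay available for forensic review.
    if ($env:ORION_ISOLATE -eq '1') {
        $services | Where-Object Status -eq 'Running' | ForEach-Object {
            Write-Output "Stopping service $($_.Name)"
            Stop-Service -Name $_.Name -Force
        }
    }
} else {
    Write-Output "No SolarWinds components found on ${env:COMPUTERNAME}"
}
```

Run it on each candidate host (or through remoting across the fleet) to build the list of systems that must be disconnected; leave the installed files in place, since the directive also asks agencies to review those systems for indicators of compromise.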
Then, a few hours later, it was reported that hackers had successfully breached US government networks, including the Treasury and Commerce departments. Now it turns out that the nuclear weapons agency was among those breached by state-sponsored hackers.
According to an exclusive report by Politico, hackers accessed systems at the National Nuclear Security Administration (NNSA), the agency that maintains the U.S. nuclear weapons stockpile at the Los Alamos and Sandia labs. The Energy Department and the NNSA have evidence that hackers accessed their networks as part of an extensive espionage operation that has affected at least half a dozen federal agencies, Politico reported, citing officials directly familiar with the matter.
“On Thursday, DOE and NNSA officials began coordinating notifications about the breach to their congressional oversight bodies after being briefed by Rocky Campione, the chief information officer at DOE.”
In a separate report, CISA said that the supply chain attack used to breach federal agencies and at least one private company poses a “grave risk” to the United States, in part because the attackers likely used means other than just the SolarWinds backdoor to penetrate networks of interest.
“CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.”
“This adversary has demonstrated an ability to exploit software supply chains and shown significant knowledge of Windows networks,” officials with the Cybersecurity and Infrastructure Security Agency wrote in an alert. “It is likely that the adversary has additional initial access vectors and tactics, techniques, and procedures (TTPs) that have not yet been discovered.” CISA, as the agency is abbreviated, is an arm of the Department of Homeland Security.
Per Politico, DOE and NNSA officials found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), the Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation, and the Richland Field Office of the DOE. The hackers were able to do more damage at FERC than at the other agencies, the officials said, but did not elaborate.
Reuters reported on Tuesday that Russian government hackers were behind the breach at the US Treasury and Commerce departments. The hackers reportedly broke into the departments' Microsoft Office 365 accounts and monitored staff email before stealing information from the two departments.
The hackers, known as Cozy Bear or APT29, are reportedly the same group that hacked the White House and State Department under the Obama administration. For months, the hackers were able to monitor email traffic within the departments. At this point, it is not known how many other federal agencies may have been compromised. The FBI is now investigating the hack, according to the Washington Post.
Politico said that federal investigators have been combing through networks in recent days to determine what the hackers were able to access and/or steal. Officials at DOE still don't know whether the attackers were able to access anything, the people said, noting that the investigation is ongoing and that they may not know the full extent of the damage “for weeks.”