There has been a lot of coverage lately about the Chinese government’s ability to use the likes of Huawei and ZTE to spy on the US but it seems that a different country may have successfully pulled that off instead. According to multiple sources, at least two US government agencies have had their emails snooped on by hackers who are believed to be backed by a nation-state, specifically Russia.
According to anonymous sources who were briefed on the matter, the US Treasury Department, as well as the National Telecommunications and Information Administration (NTIA) of the Commerce Department, may have been exposed to hackers who were able to keep track of internal emails. IT company SolarWinds, who owns the business software that may have been compromised for these attacks, revealed that their own software update may have been tampered with by hackers supported by a nation-state, though it doesn’t specifically name Russia. No parties have confirmed that it was, indeed, SolarWinds’ software that was used as a channel for this espionage campaign.
If it were indeed involved, it could be problematic for dozens of US government bodies as well as private companies. SolarWinds’ customers include Fortune 500 companies, the top US carriers, the US military, the NSA, and even the Office of the President. Making matters worse is that the spying could have been going on for months without these agencies and the US intelligence community knowing about it.
According to Reuter’s report, the NTIA intrusion happened via Microsoft Office 365 where staff emails may have been monitored by hackers for months. This wouldn’t be the first time Microsoft’s enterprise service would be involved in a high-profile data breach. Just last month, a hacker was reportedly selling Office 365 login credentials of C-level executives. That despite the platform’s advertised enterprise-grade security measures and authentication controls.
Russia’s alleged involvement in this spying incident comes at another pivotal moment in US history as the country transition from Trump’s administration to Biden’s. In 2016, Russia was also allegedly involved in meddling during the US elections, an issue that has not been completely resolved and concluded yet. The incoming government will now have to figure out what exactly was stolen during this breach and how it may be used by the actors involved.