WASHINGTON — U.S. government agencies were ordered Monday to scour their networks for malware and disconnect potentially compromised servers after authorities learned that the Treasury and Commerce departments were hacked in a monthslong global cyberespionage campaign discovered when the prominent cybersecurity firm FireEye learned it had been breached.
Monday afternoon the Department of Homeland Security itself was added to the list of agencies that have been compromised, according to the Washington Post. The list of victims is expected to grow and could include both more government agencies and private companies.
FireEye would not say who it suspected. But many experts believe the operation is Russian given the careful tradecraft.
FireEye says foreign governments and major corporations were also compromised. Federal agencies have long been attractive targets for foreign cyberspies.
The Department of Homeland Security's cybersecurity arm warned government agencies of an "unacceptable risk" to the executive branch.
"SolarWinds Orion products (affected versions are 2019.4 through 2020.2.1 HF1) are currently being exploited by malicious actors. This tactic permits an attacker to gain access to network traffic management systems," the emergency directive issued Sunday night reads.
SolarWinds is a hugely popular piece of server software. It's used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies, which will now be scrambling to patch up their networks.
SolarWinds also warned its customers Monday to quickly update their software, and said it was advised that the attack was “likely conducted by an outside nation state and intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack.”
A Kremlin spokesman said Monday that Russia had “nothing to do with” the hacking.