US Treasury and US NTIA hacked

According to a report, the U.S. Treasury Department and another U.S. agency responsible for Internet and telecommunications have fallen victim to a sophisticated cyber attack. Suspected government hackers were able to pull documents. Addendum: It seems that a backdoor in SolarWinds' products was the vulnerability used for the hacks.


In this article, news agency Reuters cites a person in charge of the matter. According to the article, a hacker group (presumably) supported by a foreign government has succeeded in a sophisticated cyber attack on the U.S. Treasury Department as well as the U.S. agency responsible for Internet and telecommunications.

U.S. Treasury hacked

The hackers stole information from the U.S. Treasury as well as from the second U.S. agency (the National Telecommunications and Information Administration, a division of the Department of Commerce). The Guardian quotes National Security Council spokesman John Ullyot, who confirmed the hack:

The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation.

The site has more information or access to different sources. Three people familiar with the investigation said that it is currently believed that Russia is behind the attack. Two of the sources state that the hacks are part of a broad campaign that includes the recently revealed hack of security firm FireEye (see FireEye hacked, Red Team tools stolen). According to, the Department of Commerce has also confirmed that one of its departments was hacked. These hacks are considered so serious that there was a meeting of the National Security Council at the White House on Saturday, one of the people familiar with the matter reported to A source said:

This is a much bigger story than the hack of a single government agency. This is a huge cyber espionage campaign targeting the U.S. government and its interests.

According to my information, the hackers penetrated the NTIA's Microsoft Office 365 office software. Employee emails at the agency had been monitored by the hackers for months.


The hack poses a major challenge to the new administration of President-elect Joe Biden. U.S. administration employees are investigating what information was stolen and trying to figure out what it will be used for. It is not unusual for large-scale cyber investigations to take months or years to complete.

There is concern within the U.S. intelligence community that the hackers who targeted the Treasury Department and the Commerce Department's National Telecommunications and Information Administration are using a similar tool to break into other government agencies. At least, that is what four sources familiar with the matter reported. The individuals did not say which other agencies were threatened.

Addendum: It seems that a backdoor in SolarWinds' products was the vulnerability used for the hacks. I've addressed the details within the blog post SolarWinds products with SunBurst backdoor, cause of FireEye and US government hacks?
