Hackers suspected to be working for the Russian government have been monitoring emails at the U.S. Treasury Department and a U.S. agency responsible for deciding policy around the internet and telecommunications, Reuters reported, citing people familiar with the matter.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” John Ullyot, a spokesman for the National Security Council, said in a statement.
A Commerce Department spokesperson confirmed there was a breach “in one of our bureaus,” which Reuters identified as the National Telecommunications and Information Administration. The attacks were so concerning that the National Security Council met at the White House Saturday, Reuters reported.
The cyber-attacks against the U.S. government were part of a broader campaign that involved the recent hack of cybersecurity company FireEye, in which sensitive tools were stolen that are used to find vulnerabilities in clients’ computer networks, according to Reuters. The Washington Post reported that the Russian hacking group known as Cozy Bear, or APT 29, was behind the campaign. That is the same hacking group that was behind the cyber-attacks on the Democratic National Committee going back to 2015. It was also accused by U.S. and U.K. authorities in July of infiltrating organizations involved in developing a Covid-19 vaccine.
“We have been working closely with our agency partners regarding recently discovered activity on government networks,” said a spokesperson for the Cybersecurity and Infrastructure Security Agency, or CISA, part of the Department of Homeland Security. “CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”
The Treasury had no immediate response to questions.