Dozens of email accounts at the US Treasury Department have been hacked in an alleged wide-ranging espionage campaign against US government agencies, a senator said Monday.
Senator Ron Wyden of Oregon said the hack “appears to be significant”, including the compromise of dozens of email accounts and access to the departmental offices division of the Treasury Department, which was home to its highest-ranking officials.
Wyden, the most senior Democrat on the Senate Finance Committee, said, "Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen."
The US Treasury was among the earliest known agencies to have been affected in the massive breach that now encompasses a broad spectrum of US departments.
The hackers seized upon a Microsoft flaw to infiltrate the email system used by the Treasury Department’s senior leadership, The New York Times reported.
A Wyden aide said the hackers were able to access the Treasury officials' Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury's "single sign on" infrastructure - a service used in many organizations so that employees can access a variety of services with a single username and password, US media reported.
The senator said the breach began in July, but experts believe the overall hacking operation began months earlier.
The Treasury Department learned of the breach not from any of the government agencies whose job is to protect against cyber-attacks, but from Microsoft, which runs much of Treasury’s communications software, Wyden noted.
The US government and cyber-security experts are still struggling to find out the scope and consequences of the cyber-attack, which began when hackers subverted the Texas-based software company SolarWinds Corp and used the company as a springboard to jump deep into government and corporate networks.
SolarWinds Corp said up to 18,000 of its customers had downloaded a compromised software update that allowed hackers to spy unnoticed on businesses and agencies for almost nine months.
The Department of Homeland Security’s cyber-security arm said in a statement that the intrusion posed a “grave” risk to the US government and private networks.
US media have blamed Russia for the alleged espionage operation, while President Donald Trump downplayed the breach and raised the possibility that China might be involved. Top US officials - including Secretary of State Mike Pompeo - have blamed Russia, a charge the Kremlin strongly denies.
Washington said last week the significant hacking campaign had affected its networks and said the attack had been “ongoing”.
The attack is believed to be the biggest cyber-raid against American officials in years.
The Pentagon and the State Department were also hacked as part of the alleged espionage attack.
“For operational security reasons, the Pentagon will not comment on specific mitigation measures or specify systems that may have been impacted,” spokesperson Russell Goemaere said. “The Pentagon is aware of the reports and is currently assessing the impact.”
US President-elect Joe Biden spoke forcefully about the hack, declaring that he and Vice-President-elect Kamala Harris “will make dealing with this breach a top priority from the moment we take office.”
“We need to disrupt and deter our adversaries from undertaking significant cyber-attacks in the first place,” he said. “There’s a lot we don’t yet know, but what we do know is a matter of great concern.”
Another US official, speaking Thursday on condition of anonymity, said the hack was severe and extremely damaging, although the administration was not yet ready to publicly blame anyone for it.