The scope of a break into the email system used by senior leadership at the Treasury Department, according to a report Monday from The New York Times.that has penetrated both US federal agencies and private companies continues to be revealed. The hackers managed, among other things, to
The Treasury Department acknowledged it had “suffered a serious breach, beginning in July,” Sen. Ron Wyden reportedly said following a briefing for the Senate Finance Committee, adding that the “full depth” of the hack isn’t known. Wyden added that the department learned about the breach from Microsoft, which runs much of its communications software, according to the Times.
In addition to the Treasury Department, agencies believed to have been impacted by the widespread cyberattack include the departments of Homeland Security, State and Commerce, as well as the National Institutes of Health. The breach started with hackers compromising cybersecurity firm SolarWinds, which sells software that lets organizations see what’s happening on their computer networks. Dozens of private companies — including Microsoft, Cisco, Intel and FireEye — were also reportedly infected with the malware.
Last week, US national security agencies issued a joint statement calling the activity a “significant and ongoing hacking campaign.” Secretary of State Mike Pompeo and some cybersecurity experts have attributed the hack to Russia.
The Treasury Department declined to comment on the Times report but pointed to comments Secretary Steve Mnuchin made on CNBC on Monday about the cyberattack.
“Our unclassified systems did have some access,” Mnuchin said, adding that the department hasn’t seen any break-in into its classified systems. “I will say the good news is there’s been no damage, nor have we seen any large amounts of information displaced.”