Computers at the US Treasury – and possibly other federal agencies – have been the victims of hacking that used legitimate software upgrades from SolarWinds.
On Sunday, Reuters reported that a group backed by a foreign government stole information from Treasury and a Commerce Department agency responsible for deciding Internet and telecommunications policy.
It’s still not clear if other agencies were also hacked.
The US Cybersecurity and Infrastructure Security Agency has said it is working with other agencies regarding recently discovered activity on government networks.
The hackers are believed to have gained entry to the networks by tampering with updates released by SolarWinds, which serves customers at all levels of government.
This type of supply chain attack hides malicious code in the body of legitimate software updates provided to targets by third parties.
The Cybersecurity and Infrastructure Security Agency (CISA) has issued Emergency Directive 21-01 in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors.
The Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” says CISA acting director Brandon Wales.
“This directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners–in the public and private sectors–to assess their exposure to this compromise and to secure their networks against any exploitation.”
Last week, cybersecurity firm FireEye reported that hackers had broken into its network looking for offensive tools used to probe mostly government customers.