The scale of the SolarWinds supply chain compromise by ‘Russian’ hackers continues to be assessed after a US Senator offered insight into the impact on the US government.

Reuters reported that US Senator Ron Wyden has this week revealed that dozens of email accounts at the US Treasury Department were compromised.

Senator Wyden is the most senior Democrat on the Senate Finance Committee, and his disclosure adds to the conclusion that the SolarWinds compromise could be one of the biggest spying operations against the US in history, and it went undetected for nine months.

SolarWinds compromise

Last week a ‘supply chain’ compromise of the Orion product from Texas-based SolarWinds by Russian government hackers was revealed to the world, and the scale of its attack is still being investigated.

Orion is widely used by governments and corporations, as it provides visibility as to what is happening on computer networks.

But unfortunately it seems that hackers were able to insert malicious code into an updated version of Orion.

The problem is that approximately 18,000 SolarWinds customers, including governments and corporations, installed the compromised updates onto their systems.

So far only a handful of organisations, including the cybersecurity company FireEye and three federal agencies – the departments of Commerce, Energy, Homeland Security, and Treasury – have admitted having been seriously affected.

Microsoft has also admitted it found malicious software in its systems, but it is reported that Cisco, Intel, Nvidia, Belkin, and VMware have all had computers on their networks infected with the malware.

Spying campaign?

The concern is that internal email traffic at US government departments was compromised, and now Senator Wyden’s office has now admitted that the hack of the Treasury Department appears to have been a significant one, “the full depth of which isn’t known,” Reuters reported.

Wyden is reported as saying that Microsoft had notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury’s Departmental Offices division, which is home to its top officials.

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected.

It seems that the hackers were able to access the Treasury officials’ Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury’s “single sign on” infrastructure, Reuters reported.

The finger of blame is being firmly pointed at Russia by top US officials.

Indeed US Secretary of State Mike Pompeo and Attorney General Bill Barr blamed Russia for the espionage operation, but it should be remembered that it may be too soon to say for certain who is behind the breach.

Moscow has denied any involvement.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Twitter Confirms ‘Super Follow’ Option, For Paid Content

Money maker. Super follow feature coming soon on Twitter, will allow users to receive tips…

12 hours ago

Windows 10 ‘Sun Valley’ Promises Major Overhaul

OS refresh. Major update to six year old Windows 10 operating system, dubbed Sun Valley,…

15 hours ago

Oxford University Confirms Hack Of Biology Lab Studying Covid-19

NCSC investigates after hackers compromised one of the world’s top biology labs at Oxford University,…

17 hours ago

Consumer Group Which? Targets Qualcomm In Legal Action

Legal action against Qualcomm could result in 29 million UK 4G smartphone owners being entitled…

1 day ago

Google To Change Review Process Of Scientist Work

Executives at troubled Google AI research unit say they are working to retain trust, after…

1 day ago

NHS Challenged Over Data Contract With Palantir

Contract between NHS and data mining firm Palantir now at centre of lawsuit filed by…

2 days ago