The scale of the SolarWinds supply chain compromise by ‘Russian’ hackers continues to be assessed after a US Senator offered insight into the impact on the US government.

Reuters reported that US Senator Ron Wyden has this week revealed that dozens of email accounts at the US Treasury Department were compromised.

Senator Wyden is the most senior Democrat on the Senate Finance Committee, and his disclosure adds to the conclusion that the SolarWinds compromise could be one of the biggest spying operations against the US in history, and it went undetected for nine months.

SolarWinds compromise

Last week a ‘supply chain’ compromise of the Orion product from Texas-based SolarWinds by Russian government hackers was revealed to the world, and the scale of the attack is still being investigated.

Orion is widely used by governments and corporations, as it provides visibility as to what is happening on computer networks.

But unfortunately it seems that hackers were able to insert malicious code into an updated version of Orion.

The problem is that approximately 18,000 SolarWinds customers, including governments and corporations, installed the compromised updates onto their systems.

So far only a handful of organisations, including the cybersecurity company FireEye and three federal agencies – the departments of Commerce, Energy, Homeland Security, and Treasury – have admitted having been seriously affected.

Microsoft has also admitted it found malicious software in its systems, and it is reported that Cisco, Intel, Nvidia, Belkin, and VMware have all had computers on their networks infected with the malware.

Spying campaign?

The concern is that internal email traffic at US government departments was compromised, and Senator Wyden’s office has now admitted that the hack of the Treasury Department appears to have been a significant one, “the full depth of which isn’t known,” Reuters reported.

Wyden is reported as saying that Microsoft had notified the agency that dozens of email accounts had been compromised and that the hackers also penetrated the systems at Treasury’s Departmental Offices division, which is home to its top officials.

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” the statement said, although it added that the Internal Revenue Service said there was no evidence the tax agency was compromised or that taxpayer data was affected.

It seems that the hackers were able to access the Treasury officials’ Microsoft-hosted inboxes after taking control of the cryptographic key used by Treasury’s “single sign on” infrastructure, Reuters reported.

The finger of blame is being firmly pointed at Russia by top US officials.

Indeed US Secretary of State Mike Pompeo and Attorney General Bill Barr blamed Russia for the espionage operation, but it should be remembered that it may be too soon to say for certain who is behind the breach.

Moscow has denied any involvement.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
