A major cyber espionage attack has hit a number of U.S. federal agencies, including networks belonging to the National Nuclear Security Administration (NNSA) and Department of Energy (DOE), which are responsible for maintaining the country’s massive stockpile of nuclear weapons.
On Thursday, officials swiftly began coordinating notifications about the security breach to congressional oversight bodies following a briefing by DOE Chief Information Officer Rocky Campione, reports Politico.
Authorities were alarmed after suspicious activity was detected in a number of networks belonging to the Federal Energy Regulatory Commission (FERC) as well as the Sandia and Los Alamos national laboratories in New Mexico and Washington. Networks belonging to the Office of Secure Transportation and Richland Field Office of the Department of Energy were also reportedly breached.
Officials close to the incident claim that hackers were able to do more damage at FERC than at the other networks, according to the report.
Authorities have scoured the networks to ascertain how much data has been accessed or stolen, but officials are still largely in the dark about the extent to which government networks have been compromised. According to the report, officials at DOE could take weeks to understand how much damage was wrought by the attacks.
It is believed that the attack on the Federal Energy Regulatory Commission could have been part of a broader attempt to disrupt the U.S. electric grid. While FERC isn’t involved in the direct management of power flows, the data it stores could potentially reveal the most critical locations in case of future attacks.
The National Nuclear Security Administration, on the other hand, is the key agency tasked with managing the U.S. nuclear arsenal, and its operations take up the bulk of the DOE budget. Likewise, the Sandia and Los Alamos laboratories are critical sites where atomic research related to both nuclear weapons and civil nuclear power takes place. The Office of Secure Transportation is in charge of moving enriched uranium and other material related to the maintenance of the U.S. nuclear stockpile.
Federal officials have expressed concern about the breach, which is feared to have impacted computer systems not only in the U.S. but across the globe. So far, Russian hackers tied to the country’s Foreign Intelligence Service (SVR) are being looked at as the most likely culprit. However, Moscow has denied any involvement in the attacks.
The attack on DOE networks appears to signal the potent threat posed by hackers even when they are up against core components of the U.S. national security enterprise.
It is believed that the hackers were able to compromise the federal networks by exploiting security flaws in the networking software sold by IT company SolarWinds, which has hundreds of clients across the U.S. government and the private sector.
On Thursday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an ominous warning about a significant computer intrusion, noting that it “poses a grave risk” to governments on the federal, state, and local levels.
On Wednesday, the FBI, CISA, and Office of the Director of National Intelligence issued a joint statement acknowledging their collaboration in an “ongoing” cybersecurity campaign, noting that they had only begun their work in earnest in recent days after learning of the incident.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the statement explained.