SolarWinds hack hit office that is home to top Treasury Department officials

WASHINGTON – Suspected Russian hackers have compromised dozens of Treasury department email accounts and compromised the office where the top officials are based, as part of a wide-ranging campaign targeting several critical federal government agencies, a senior senator said Monday.

The Treasury Department does not know all the activities that the hackers were involved in or exactly what information was stolen, Senator Ron Wyden (D., Ore.), the leading Democrat on the Senate Finance Committee, said in a statement to The Wall Street Journal.

“According to Treasury staff, the agency has suffered a serious breach as of July, the full depth of which is unknown,” said Mr. Wyden. He added that the hackers had broken into systems of the Departmental Offices division, home to top Treasury officials.

Separately, since June, the hackers broke into about three dozen email accounts at the National Telecommunications and Information Administration, including accounts from the agency’s top leadership, according to a US official familiar with the matter. The NTIA is an agency within the Commerce department that deals with telecommunications and internet policy.

It was not clear what the hackers wanted to achieve by spying on NTIA emails, but it could range from general intelligence gathering to a massive email leak in the future, or material that could be used to more easily target and conduct future cyber attacks, the official said, adding that “at least it’s a gold mine.”

The Commerce Department did not immediately respond to a request for comment.

The details of the Treasury and Commerce breaches are among the first to specifically describe what investigators know about what was compromised in the suspected Russian cyber espionage operation.

US officials are still in the early stages of assessing the damage from the hack, but a growing number are linking the activity to Moscow. Attorney General William Barr said on Monday that he believed Russia was behind the SolarWinds hack, a statement that puts it in line with the assessments of top US officials but at odds with President Trump.

“From the information I have … it certainly appears to be the Russians,” Mr. Barr said at a news conference Monday.

Mr. Barr lent his name to the growing consensus among intelligence officials and cybersecurity experts that Russia is responsible for what is believed to be one of the worst ever hacks of federal computer systems. On Saturday, Secretary of State Mike Pompeo said, “We can say quite clearly that it was the Russians who were involved in this activity.”

But President Trump has downplayed the seriousness of the extensive cyber-espionage campaign, saying in a tweet on Saturday that China could be responsible. He didn’t explain.

On Monday, the White House National Security Council convened a secret interagency meeting with several cabinet secretaries, including Mr. Mnuchin, and national security leaders to discuss what is known so far about the severity of the hack and how the damage could be addressed, an official said.

Russia has denied responsibility for the breach.

It was not clear which officials were affected by the Treasury Department hack, but an aide to Mr. Wyden said the department did not believe Secretary Steven Mnuchin’s email account had been compromised. The department was notified of the dozens of compromised email accounts by Microsoft, which is investigating the hack, Mr. Wyden said.

The Internal Revenue Service is not believed to have been breached in the attack, said Mr. Wyden after a meeting between Treasury officials and Finance Committee staff. The IRS is the largest Treasury bureau and one that protects sensitive taxpayer financial data; IRS officials have referred all questions to the Treasury Department.

The information provided on the depths of the Treasury and Commerce compromises provides a small window into the scope of the hack, which was made possible after hackers laced a routine software update from an Austin-based network management company called SolarWinds Corp. with malicious code.

SolarWinds has said it has traced the hackers’ activity back to at least October 2019 and that it is now working with security companies, law enforcement and intelligence agencies to investigate the attack.

The widespread federal government hack, described by officials as serious and ongoing, affected at least six cabinet-level departments, including the State, Energy and Homeland Security departments, as well as the National Institutes of Health, which is part of the Department of Health and Human Services.

IRS executives have long been concerned about potential breaches of the agency’s computer systems, which include information about criminal investigations and audits, along with Social Security numbers and financial records of hundreds of millions of Americans.

Sens. Wyden and Chuck Grassley, the Republican chair of the Senate Finance Committee, sent a letter to the IRS last week asking for a briefing over concerns that taxpayers’ personal information could have been stolen. But investigators think the IRS was unharmed, Mr. Wyden said.

Once the hackers gained access to the Departmental Offices network, they were able to steal an encryption key used by Treasury that allowed them to forge the credentials needed for what appeared to be legitimate access to various cloud-hosted email accounts from Microsoft, an aide to Mr. Wyden said.

“After years of government officials advocating for encryption loopholes and ignoring warnings from cybersecurity experts who said encryption keys are becoming irresistible targets for hackers, the USG is now facing a breach where skilled hackers appear to be stealing the encryption keys from USG servers,” Mr. Wyden said, using an acronym for the US government.

Earlier Monday, Mr Mnuchin declined to provide many details about the hack’s impact on the department, but confirmed there had been a breach. Mr. Mnuchin said his department was investigating but officials so far did not believe that the most sensitive information was being accessed by the hackers.

“At the moment we are not seeing any intrusion into our classified systems,” said Mr. Mnuchin during an interview on CNBC. “Our unclassified systems did have some access … We’re right on top of this.”

Monica Crowley, a spokeswoman for the Treasury Department, declined to comment on Mr. Mnuchin’s remarks on Monday evening.

Write to Dustin Volz at [email protected] and Richard Rubin at [email protected]

Copyright © 2020 Dow Jones & Company, Inc. All rights reserved.