US Treasury And Commerce Departments Allegedly Infiltrated By Russia-Backed Hacker Group

Over the weekend, it was announced that a nation-state actor had breached SolarWinds’ Orion service as early as spring of this year. The Orion platform is an all-in-one solution for IT administration and monitoring, among other utilities. It is used by companies and governments worldwide, and it appears that the U.S. government was a target of interest in the attack. According to sources familiar with the situation, the nation-state actors have been monitoring email at the U.S. Treasury and Commerce departments, but those may not be the only agencies to have been breached.

The SolarWinds Orion attack is being dubbed “Sunburst” by security researchers at FireEye, a cybersecurity firm. They report that “Sunburst” works via a backdoor that was injected into Orion in a dynamic-link library (DLL) file called “SolarWinds.Orion.Core.BusinessLayer.dll.” After lying dormant for up to two weeks, the backdoor would communicate over the HTTP protocol with external servers. The malicious traffic would disguise itself as legitimate SolarWinds communications while having the capability to “transfer files, execute files, profile the system, reboot the machine, and disable system services.” In short, once the malware was on a network it could do whatever its operators wanted.
SolarWinds Orion Platform Tie-Ins

Evidently, the U.S. Treasury and Commerce departments were using the SolarWinds Orion platform for their large IT needs. It seems that the backdoor then allowed the malicious actors, thought to be working for Russia, to monitor these departments’ emails. It is unknown, however, how many other agencies and organizations were affected by the breach. SolarWinds’ website reports that the following groups, among others, use the Orion platform:
  • U.S. Army
  • U.S. Air Force
  • U.S. Navy
  • U.S. Marine Corps
  • IC (Intelligence Community)
  • Other DoD agencies
  • U.S. Census Bureau
  • U.S. Dept. of Justice
  • Oak Ridge Natl. Lab
  • Sandia Natl. Lab
  • U.S. Dept. of Treasury
  • U.S. Dept. of Veterans Affairs
We will have to see in the coming days how many of those groups were affected. According to Reuters, a source reported that the “hack is so serious it led to a National Security Council meeting at the White House on Saturday.” As of now, few details have been released, so stay tuned to HotHardware as we get updates on this developing national situation.