The Treasury Department and the Commerce Department were both targeted in the intrusion, with a Commerce spokesperson saying "we can confirm there has been a breach in one of our bureaus. We have asked CISA and the FBI to investigate."
Security experts are concerned that the same targeted technology made by the Texas company SolarWinds is in use at the White House and the Pentagon, and the intrusion may have allowed Russians to look at communications between U.S. government officials for months. SolarWinds did not respond to an I-Team request for comment.
"Russia is relentlessly trying to invade America's cyberspace, and to compromise individual identities as well as critical and sensitive information," said IL Sen. Dick Durbin. "We can't be buddies with Vladimir Putin and have him at the same time making this kind of cyber-attack on America. This is virtually a declaration of war by Russia."
It may not just be an attack on government. Major companies may also have been targeted in the attack, as SolarWinds sells software to many Fortune 500 firms including some in Chicago. State governments, including Illinois, also use the technology.
A spokesperson for the Illinois Department of Innovation & Technology told the I-Team, "the State of Illinois Information Security Division is aware and monitoring the potential breach with SolarWinds. The state does use SolarWinds, but our systems have not been impacted."
The three primary agencies targeted in the attack also released a joint statement Thursday. In their statement, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) said in part that the FBI is investigating "and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors. The FBI is engaging with known and suspected victims, and information gained through FBI's efforts will provide indicators to network defenders and intelligence to our government partners to enable further action."
Full Statement from the FBI, CISA and ODNI
Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign. Pursuant to Presidential Policy Directive (PPD) 41, the FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group (UCG) to coordinate a whole-of-government response to this significant cyber incident. The UCG is intended to unify the individual efforts of these agencies as they focus on their separate responsibilities. This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government.
As the lead for threat response, the FBI is investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors. The FBI is engaging with known and suspected victims, and information gained through FBI's efforts will provide indicators to network defenders and intelligence to our government partners to enable further action.
As the lead for asset response activities, CISA took immediate action and issued an Emergency Directive instructing federal civilian agencies to immediately disconnect or power down affected SolarWinds Orion products from their network. CISA remains in regular contact with our government, private sector and international partners, providing technical assistance upon request, and making needed information and resources available to help those affected recover quickly from this incident. CISA is engaging with our public and private stakeholders across the critical infrastructure community to ensure they understand their exposure and are taking steps to identify and mitigate any compromises.
As the lead for intelligence support and related activities, ODNI is helping to marshal all of the Intelligence Community's relevant resources to support this effort and share information across the United States Government.
To report suspicious or criminal activity related to information found in this statement, contact your local FBI field office at www.fbi.gov/contact-us/field. To request incident response resources or technical assistance related to this statement, visit https://www.us-cert.gov/report or email Central@cisa.gov.