SolarWinds hackers breached US Treasury officials’ email accounts

by chebbi abir

US Senator Ron Wyden said that dozens of US Treasury email accounts were compromised by the threat actors behind the SolarWinds hack.

The statement was issued after the US Treasury Department and the Internal Revenue Service (IRS) briefed the Committee staff on the SolarWinds supply chain attack.

While no evidence was found that the IRS itself or any taxpayers’ data was compromised as part of this ongoing hacking campaign, the senator said that “the hack of the Treasury Department appears to be significant.”

Dozens of Treasury email accounts breached

“According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn’t known,” Wyden, a ranking member of the Senate Committee on Finance, said. “Microsoft notified the agency that dozens of email accounts were compromised.”

The senator added that the SolarWinds hackers also breached systems in the Departmental Offices division of the US Treasury, the division that is “home to the department’s highest-ranking officials.”

“Treasury still does not know all of the actions taken by hackers, or precisely what information was stolen,” Wyden added.

US Treasury hack

Asked by CNBC about the Treasury breach, Treasury Secretary Steven Mnuchin said that Treasury has not yet found evidence that any classified systems were compromised.

“I will say the good news is there’s been no damage, nor have we seen any large amounts of information displaced,” Mnuchin said.

Finally, after years of government officials advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that encryption keys become irresistible targets for hackers, the USG has now suffered a breach that seems to involve skilled hackers stealing encryption keys from USG servers. — Senator Ron Wyden

List of SolarWinds victims slowly growing

After the SolarWinds supply chain compromise was discovered, multiple organizations, including FireEye, Microsoft, and VMware, disclosed that they had been breached by the same hackers.

Microsoft also found that the networks of over 40 of its customers were breached in this series of ongoing attacks; 80% of those customers are in the US and 44% are in the IT sector.

However, only FireEye was targeted for the second stage of the attack and had information stolen from its systems by the threat actors who orchestrated the attacks (tracked by FireEye as UNC2452 and by Volexity as Dark Halo).

The known list of organizations hit in the SolarWinds hack has slowly increased since the attack as new information is revealed while investigating forensic evidence.

At the moment it also includes US states and government agencies which have confirmed that their networks were breached:

  • U.S. Department of the Treasury
  • U.S. National Telecommunications and Information Administration (NTIA)
  • U.S. Department of State
  • The National Institutes of Health (NIH) (Part of the U.S. Department of Health)
  • U.S. Department of Homeland Security (DHS)
  • U.S. Department of Energy (DOE)
  • U.S. National Nuclear Security Administration (NNSA)
  • Some US states (Specific states are undisclosed)

Security researchers and cybersecurity firms have also shared several lists of SolarWinds victims over the weekend after decoding the malware’s domain generation algorithm (DGA), which embeds victim identifiers in the hostnames it queries.
