The Treasury Department was one of several federal agencies breached in an ongoing state-sponsored cyberattack. UPI/Roger L. Wollenberg
Dec. 18 (UPI) -- The number of victims in an ongoing state-sponsored cyberattack continues to climb after the Department of Energy and the agency that oversees the nation's nuclear stockpile confirmed they were targeted.
Microsoft also said it has identified more than 40 customers that were breached in the cyberattack, which it described as "remarkable for its scope, sophistication and impact."
Earlier this week, the U.S. Cybersecurity and Infrastructure Security Agency confirmed the government had been targeted in a complex state-sponsored cyberattack that utilized a vulnerability in software developed by information technology management company SolarWinds. The company serves more than 300,000 customers, including hundreds of U.S. Fortune 500 companies, five branches of the U.S. military and several federal departments including the office of the president.
On Thursday, the Department of Energy confirmed that it and its National Nuclear Security Administration were among the departments infiltrated.
Shaylyn Hynes, Department of Energy spokeswoman, said in a statement that an investigation is underway, which "has found the malware has been isolated to business networks only, and has not impacted mission-essential national security functions," including the NNSA.
"Immediate action was taken to mitigate the risk," she said.
Sen. Deb Fischer, R-Neb., senior member of the Senate Armed Services Committee, issued a statement of confidence in the safety of the nation's nuclear weapons following the announcement of the NNSA breach but said it is a cause for concern.
"Our nuclear deterrent is the bedrock of our national security," she wrote. "The NNSA's infrastructure and computer systems play a vital role and must be protected."
She said she has requested a briefing from the Department of Energy on the matter "as soon as possible."
The Departments of Commerce and Homeland Security as well as the Treasury had already been confirmed as victims of the attack.
However, CISA warned Thursday that "it is likely that the adversary has additional initial access vectors and tactics, techniques and procedures that have not yet been discovered."
Meanwhile, Microsoft President Brad Smith said in a blog post Thursday that "it is certain" the number of victims will continue to grow.
Smith said Microsoft identified more than 40 victims who use its Defender software and had installed the affected SolarWinds Orion program containing the malware. Of the customers identified, 80% were located in the United States.
"This latest cyber-assault is effectively an attack on the United States and its government and other critical institutions, including security firms," he said. "The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. government and the tech tools used by firms to protect them."
Customers in Canada, Mexico, Belgium, Spain, Britain, Israel and the United Arab Emirates were also victimized, he said, adding that government agencies as well as security and technology firms and non-government organizations were the victims.
SolarWinds said it believes more than 17,000 of its customers had installed software containing the malware vulnerability, which was included in two updates released in March and June.
The malware allowed the state-sponsored hackers, suspected to be Russian, to pick and choose which of those who installed it to attack. Microsoft did not state that the Kremlin was behind the breach but said that it reached "many national capitals outside of Russia."
The attack was uncovered by cybersecurity firm FireEye, which said governments, consulting firms, technology companies and telecoms had been victimized in North America, Asia and the Middle East.
FireEye described the attack as "top-tier operational tradecraft" consistent with "state-sponsored threat actors."
CISA on Thursday warned that the threat "poses a grave risk to the federal government and state, local, tribal and territorial governments as well as critical infrastructure entities and other private sector organizations."
Microsoft said it also "detected malicious SolarWinds binaries in our environment," which it has since removed, but did not find "evidence of access to production services or customer data."
"Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others," it said.
Sen. Mitt Romney, R-Utah, compared the attack to Russian bombers "repeatedly flying undetected over our entire country."
"Past time for a national security re-set that prioritizes cybersecurity capabilities and defenses," he said in a statement.
President Donald Trump has yet to mention the attack, but President-elect Joe Biden issued a statement on Thursday saying cybersecurity will be a top priority at every government level once he's in power.
"Our adversaries should know that, as president, I will not stand idly by in the face of cyber assaults on our nation," he said.