Major hacker strike: hands on the US Treasury

US Government emails were breached through a very sophisticated multi-stage attack, possibly carried out on behalf of a foreign state

An extremely serious hacker attack has been carried out in recent days against the US Government, which is convinced that a nation state is behind the operation. According to cybersecurity experts, it would be the same group that also attacked FireEye, and the most likely hypothesis is that the hackers managed to get in by exploiting a security flaw in Microsoft Office 365.

The attack was so serious that it required an emergency meeting of the National Security Council at the White House, which was held on Saturday, since the attackers managed to get their hands even on data of the Treasury Department and the Department of Commerce, in particular the emails of the two departments' employees. National Security Council spokesman John Ullyot told the Reuters news agency that "they are taking all necessary steps to identify and remedy any problems related to this situation." The attack, and its severity, are therefore officially confirmed.

What data did the hackers steal

It would appear that the main target of this attack was the email of Treasury and Commerce department staff, in particular that of employees of the National Telecommunications and Information Agency (NTIA), the agency that belongs to the Department of Commerce and is responsible for regulating telecommunications, including the 5G network.

According to Reuters, the hackers managed to breach the software used by NTIA staff, namely Microsoft Office 365, and monitor the agency's emails for months, perhaps as early as the summer. Microsoft has not yet made any official statement about the incident. The attack was also made possible by tampering with another piece of software, provided by SolarWinds.

How the attack was carried out

Apparently, the mechanism that made the attack possible would be the "supply chain" technique: a supplier's systems are compromised in order to reach the final target. The supplier in this case would be the Texas-based IT company SolarWinds, whose clients include the government, military and intelligence services.

SolarWinds confirmed that updates to its monitoring software released between March and June of this year may have been modified with the inclusion of extraneous code by what it described as a "highly sophisticated, targeted and manual supply chain attack by a nation state."

Was it the Russians?

The U.S. government has not publicly identified who may have been behind the attack, but according to rumors Russia is currently believed to be the most likely culprit. This attack is believed to be linked to a broad campaign that has already targeted FireEye, a leading U.S. cybersecurity company with government contracts.

In a statement posted on Facebook, the Russian Foreign Ministry described the accusations as an unfounded attempt by the U.S. media to blame Russia.