Russian government hackers breached the Treasury and Commerce departments, along with other U.S. government agencies, as part of an international espionage campaign that stretches back months, according to people familiar with the matter The Washington Post reported Monday.
Officials scrambled over the weekend to discover the extent of the intrusions and impose countermeasures - but initial signs suggested the breach was long-running and significant, the people familiar with the matter said.
The Russian hackers are part of that country's Foreign Intelligence Service and breached email systems in some cases, said the people familiar with the intrusions, who spoke on the condition of anonymity because of the sensitivity of the matter. The same Russian group hacked the State Department and the White House email servers during the Obama administration.
The FBI is investigating the campaign and had no comment Sunday.
Cybersecurity experts familiar with the successful exploit said the Russians were able to read and monitor email traffic at both agencies for months. The commerce department confirmed the intrusion into the National Telecommunications and Information Administration - which decides internet and telecommunications policy for the country.
"We can confirm there has been a breach in one of our bureaus. We have asked (the Department of Homeland Security) and the FBI to investigate and we cannot comment further at this time," the department said in a statement.
The hack is considered so serious it led to a National Security Council meeting at the White House Saturday, according to sources quoted by several news organizations.
"This is a nation state," one expert said. He described the hackers as "highly sophisticated."
Experts said the Russians broke into the telecommunications and information administration's Microsoft's Office 365 software and tricked the platform's authentication controls into giving them entry. The intrusion allowed the Russians to monitor staff emails for months.
Reuters reported the Russians might have gained access to the administration through U.S. software developer SolarWinds Inc. On Sunday, SolarWinds said software updates released in March and June might have been tampered with in a "highly-sophisticated, targeted and manual supply chain attack by a nation state."
SolarWinds didn't admit the hack at Treasury occurred because of these updates but two people familiar with the investigation said the company was believed to be the channel hackers used.
