The Department of Homeland Security confirmed on Monday that it was aware of a “cyber intrusion across the entire federal government.” The move came after the Department of Homeland Security revealed on Sunday that it had issued orders to federal agencies to disconnect servers that could be affected.
“DHS is aware of Cybersecurity and Infrastructure Security Agency breaches across the federal government and is working closely with our partners in the public and private sectors to address them,” the Agency said on Monday. “The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, the federal government agency charged with handling cyber attacks against federal civilian agencies, has issued emergency Directive no. 21-01 to federal agencies to address cyber intrations related to the software associated with SolarWinds.”
Hackers may have broken into the SolarWinds server software in federal systems that is used by government agencies and large corporations, officials said.
“The intrusion into the Orion network management system in SolarWinds poses an unacceptable risk to federal cyber security,” the Department of Homeland Security’s Cybersecurity and Infrastructure Safety Agency warned in a statement on Sunday. “Tonight’s directive is designed to mitigate any potential penetration within the federal government’s civilian networks. We urge all of our partners — both public and private — to assess their vulnerability to this cyber penetration and ensure that their networks are not subject to any further intrusions.”
In a statement, Kevin Thompson, the chief executive of SolarWinds, noted that a software update to Orion earlier this year may have been flawed. The company added that it was cooperating with federal law enforcement agencies and U.S. intelligence agencies.
“We believe this security breach is the result of a highly sophisticated and targeted software supply chain attack by a country,” the company told the Associated Press in a statement.
Earlier on Sunday, the Commerce Department confirmed that one of its units had been hit by a cyber attack.
“We can confirm that one of our units was breached,” a Commerce Department spokesman told CBS News. “We have asked the CYBERSECURITY and Infrastructure Security Agency and the FBI to investigate this, and we cannot comment further at this time.”
FireEye, the cyber security company, wrote in response that it had uncovered a “global [cyber] intrusion” that could be described as “extensive”.
“The people behind this operation have access to the networks of numerous public and private organizations around the world,” the company said in a blog post.
“Victims include governments, consulting, technology, telecommunications and extractive entities in North America, Europe, Asia and the Middle East. We expect to see more victims in other countries and regions. Fireeye has notified all entities we know are being affected.”
Over the past month, the Dominion Voting Systems used in the 2020 PRESIDENTIAL election in the US, which also appears to be using the software in SolarWinds, have been the subject of suspicion and scrutiny.
The hacking was first reported by Reuters.