Hackers backed by foreign government reportedly steal info from US Treasury

Cyberattack also targets Commerce Department’s telecommunication division; sources say officials concerned similar method may have been used to breach other government agencies

The US Treasury Department building viewed from the Washington Monument in Washington, September 18, 2019. (Patrick Semansky/AP)
The US Treasury Department building viewed from the Washington Monument in Washington, September 18, 2019. (Patrick Semansky/AP)

A group of hackers backed by a foreign government stole information from the US Treasury Department as well as another agency that decides policy for internet and telecommunications, Reuters reported Sunday, citing sources familiar with the development.

The hackers also targeted the Commerce Department’s National Telecommunications and Information Administration.

Three people who were briefed on the matter said that there is now concern that the hackers may have used a similar method to break into other government agencies, according to the report.

One of the sources said the incident was considered so severe that it prompted a National Security Council meeting at the White House on Saturday.

The report did not say when the hack happened or which government is suspected of being behind it.

National Security Council spokesman John Ullyot said, “The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation.”

The government’s Cybersecurity and Infrastructure Security Agency said it has been working with other agencies “regarding recently discovered activity on government networks. CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises.”

The report came as it was revealed that hackers had targeted dozens of Israeli logistics companies earlier this month.

The attack hit Amital Data, which provides its Unifreight logistics software, and at least 40 of its clients.

No ransom has been demanded for the information — as was the case in a massive data theft from an Israeli insurance company earlier this month — and the identity of those behind the attack is not known.

Reports said Iran is believed to be the likely culprit.

Amital’s software is used in managing customs commissions, leading to concern that as a result of the attack there may be delays in the release of some shipments to Israel, in both the private and business sectors, Hebrew media reported.

There have been at least five suspected Iranian cyberattacks on the country during 2020, including one that targeted Israel’s water infrastructure.

Last Tuesday, prominent US cybersecurity firm FireEye said that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers. Those customers include federal, state and local governments and top global corporations.

The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.

The Associated Press contributed to this report.

read more: