Russian hacker team reportedly attacked the internal emails of the U.S. Treasury and Commerce Department
Reuters quoted a number of people familiar with the matter and reported that the U.S. Treasury Department and the U.S. Department of Commerce recently confirmed that their departments have been hacked and may leak certain information.
The hacker team that launched this attack is suspected to be supported by Russia, and it should be the same as the national hacker team that attacked the US cybersecurity company FireEye.
The U.S. Department of Treasury and U.S. Department of Commerce use the Microsoft 365 government agency subscription version, but the hacker team seems to have successfully defeated Microsoft’s authentication system.
This also shows that this is not an ordinary hacker team, otherwise, it will not be easy to break the security defense system of Microsoft enterprise products, let alone long-term surveillance.
The report stated that the target of the attack was the US Telecommunications and Information Administration under the US Department of Treasury and the Department of Commerce, which is responsible for formulating Internet and telecommunications policies.
After the hacker successfully invaded the organization’s email activity traffic for several months, monitoring this traffic can detect what is being discussed within US government agencies.
A spokesperson for the National Security Council said that he is aware of the attack and is taking necessary measures to repair any possible problems related to the attack.
The U.S. Department of Commerce also stated that there are indeed network security vulnerabilities in its affiliates, and it has requested the Cyber Security and Infrastructure Security Agency and the FBI to intervene.
For the time being, it is basically true that hackers invaded through Microsoft 365, but the organization that was invaded may not only be the Telecommunications and Information Administration.
Microsoft’s investment in the security business is relatively high. Of course, no matter how secure the system is, there will be vulnerabilities, and if there are vulnerabilities, it may be attacked.
The current media report is that hackers invaded Microsoft products, but Microsoft is currently accompanying the investigation so it has not issued any response to this matter.
Some US officials who requested anonymity said that the cyber attack was not only a few months old, and there are signs that the attack and surveillance activities can be traced back to this summer.