A new report reveals that hackers were able to infiltrate the U.S. Department of Energy and the National Nuclear Security Administration, which oversees the U.S. nuclear weapons arsenal. The cyberattack against the DOE and NNSA is part of a larger espionage operation that has affected at least half a dozen federal agencies, Politico's Natasha Bertrand reports.
The Energy Department's chief information officer Rocky Campione briefed the departments about the attacks on Thursday and both agencies are now coordinating to brief members of Congress on the status of their network security.
The full extent of the cyberattack may not be known "for weeks," officials said.
They found suspicious activity in networks belonging to the Federal Energy Regulatory Commission (FERC), Sandia and Los Alamos national laboratories in New Mexico and Washington, the Office of Secure Transportation and the Richland Field Office of the DOE. The hackers have been able to do more damage at FERC than the other agencies, the officials said, but did not elaborate.
Federal investigators have been combing through networks in recent days to determine what hackers had been able to access and/or steal, and officials at DOE still don't know whether the attackers were able to access anything, the people said, noting that the investigation is ongoing and they may not know the full extent of the damage "for weeks."
Spokespeople for DOE did not immediately respond to requests for comment.
The Sandia and Los Alamos National Labs conduct atomic research related to the development of nuclear power and nuclear weapons. The Office of Secure Transportation is responsible for moving enriched uranium and other materials needed to maintain the nuclear stockpile, Politico reports. As for the attack on the Federal Energy Regulatory Commission, Politico's report speculates that it was targeted to gain information that may help malicious actors find vulnerabilities in the nation's bulk electric grid.
The report emphasizes how seriously United States national security is threatened by foreign hackers who were able to infiltrate U.S. government computer systems by compromising software from IT company SolarWinds, which has hundreds of government and private-sector clients.
In a joint statement released Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and Office of the Director of National Intelligence (ODNI) confirmed the existence of a "significant and ongoing cybersecurity campaign."
"This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," the statement read.
In response to the threat, the FBI has launched investigations to "attribute, pursue, and disrupt the responsible threat actors," and CISA issued an emergency directive ordering federal civilian agencies to immediately shut down affected SolarWinds Orion products in their network.
The ODNI is coordinating a response from the U.S. Intelligence Community to share information across the United States government.