Today, U.S. Senator Ron Wyden said dozens of U.S. Treasury Department official email accounts have been hacked by the SolarWinds supply chain attack.
The statement comes after the U.S. Treasury Department and Internal Revenue Service (IRS) informed committee staff about the SolarWinds supply chain attack.
While there is no evidence that the IRS itself or any taxpayer data was compromised in this ongoing hacking campaign, the senator said: “The hacking of the U.S. Treasury Department appears to be serious.”
According to Treasury Department staff, the agency suffered a severe hack that began in July, the scope and depth of which is unknown. “Microsoft has notified the Treasury Department that dozens of email accounts were compromised,” said Wyden, a senior member of the Senate Finance Committee.
Wyden added: “The SolarWinds hacker also compromised systems at the U.S. Department of the Treasury Department’s office, which is home to the highest-ranking Treasury Department officials. But the Treasury Department still doesn’t know what the hackers did or what information. stolen.”
A growing list of victims
After the SolarWinds supply chain attack came to light, multiple organizations made the list of victims along with companies like FireEye, Microsoft, and VMware.
Microsoft recently discovered that this series of ongoing attacks compromised the networks of more than 40 of its customers, 80 percent of which were from the United States and 44 percent in the IT industry.
However, of the above enterprises, only FireEye was targeted in the second stage of the attack, and the attackers stole information from their systems (FireEye’s tracking code is UNC2452, and Volexity’s tracking code is Dark Halo).
Currently, it also includes U.S. states and government agencies that have confirmed breaches of their networks:
National Telecommunications and Information Administration (NTIA)
US State Department
National Institutes of Health (NIH) (part of the U.S. Department of Health)
U.S. Department of Homeland Security (DHS)
U.S. Department of Energy (DOE)
National Nuclear Security Administration (NNSA)
Certain U.S. states (specific states not disclosed)