The Department of Homeland Security (DHS) on Monday confirmed it is aware of “cyber breaches across the federal government” after the agency on Sunday said federal agencies were ordered to disconnect servers that might have been compromised.
“The Department of Homeland Security is aware of cyber breaches across the federal government and working closely with our partners in the public and private sector on the federal response,” Alexei Woltornist, the DHS assistant secretary for public affairs, said in a statement on Monday.
“As the federal lead for cyber breaches of civilian federal agencies, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency has already issued Emergency Directive 21-01 to the federal government to address compromises related to SolarWinds.”
Hackers may have infiltrated federal government systems on SolarWinds server software that is used by government agencies and major corporations, officials said previously.
DHS’s Cybersecurity and Infrastructure Security Agency (CISA) previously warned that the “compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks” and “tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”
In a statement, SolarWinds CEO Kevin Thompson noted there was a possible vulnerability related to updates earlier this year to its Orion software. The firm added that it is working with federal law enforcement agencies and the U.S. intelligence community.
“We believe that this vulnerability is the result of a highly sophisticated, targeted, and manual supply chain attack by a nation-state,” he told The Associated Press in a statement.
Earlier on Sunday, the U.S. Department of Commerce confirmed there was a security “breach” in one of its bureaus.
“We can confirm there has been a breach in one of our bureaus,” a Commerce Department spokesperson told The Epoch Times. “We have asked CISA and the FBI to investigate, and we cannot comment further at this time.”
And FireEye, a cybersecurity firm, wrote that it found a “global intrusion campaign” described as “widespread.”
“The actors behind this campaign gained access to numerous public and private organizations around the world,” the firm said in a blog post.
“The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East. We anticipate there are additional victims in other countries and verticals. FireEye has notified all entities we are aware of being affected,” according to the post.
The alleged hacking incident was first reported by Reuters.