Energy Department Hacked, ‘National Security Functions’ Not Impacted: Spokesperson

SolarWinds Corp banner hangs at the New York Stock Exchange on the IPO day of the company in New York, on Oct. 19, 2018. (Brendan McDermid/Reuters)
Mimi Nguyen Ly
12/17/2020 (Updated: 12/18/2020)

The Department of Energy said that it was hacked by malware injected into its networks after a SolarWinds update, but that its national security functions, including the agency that manages the nation’s nuclear weapons stockpile, were not impacted.

“The Department of Energy is responding to a cyber incident related to the Solar Winds compromise in coordination with our federal and industry partners,” DOE spokeswoman Shaylyn Hynes said in a statement to The Epoch Times.

“The investigation is ongoing and the response to this incident is happening in real-time. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA).

“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

The NNSA, a semi-autonomous agency within the Department of Energy, oversees the country’s nuclear weapons stockpile and is responsible for strengthening the nation’s security through military application of nuclear energy and reducing the global threat from terrorism and weapons of mass destruction.

Sen. Deb Fischer (R-Neb.), chairman of the Subcommittee on Strategic Forces, said in a statement after the revelation that she has “great confidence in the safety and security of our nuclear weapons” but was “troubled by reports that hackers accessed the National Nuclear Security Administration’s network.”

“As the chairman of the subcommittee that oversees our nuclear forces, I have requested a briefing from the Department of Energy as soon as possible,” she added.

In a joint statement on Wednesday, three U.S. federal agencies confirmed that the recent hacking campaign has affected federal government networks and involved products from technology company SolarWinds. The FBI is now investigating the hack of SolarWinds technology, the statement said.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) called the hacking campaign “significant and ongoing” and have formed a group called the Cyber Unified Coordination Group to respond to the hack.

SolarWinds technology is used by all five branches of the U.S. military and numerous government agencies. The SolarWinds Orion platform was compromised. The breach was achieved by inserting malware, or malicious code, into software updates for Orion, a widely used network management tool.

The United States Chamber of Commerce building in Washington in a 2009 file photograph. (Manuel Balce Ceneta/AP Photo)
The Commerce Department confirmed to The Epoch Times on Dec. 13 that it had been hacked. The Treasury Department was also reportedly breached.
CISA said on Thursday that the hacking campaign is larger than previously known and that the alleged foreign actors gained backdoor access in more ways than through the SolarWinds software.
The “SolarWinds Orion supply chain compromise is not the only initial infection vector this advanced persistent threat actor leveraged,” CISA said in a statement on Thursday, noting that it has evidence of additional initial access vectors that are still being investigated. It also said that the hacking campaign started as early as March 2020.
CISA previously issued an emergency directive on Dec. 13, ordering all federal agencies to immediately disconnect SolarWinds Orion products and check their networks for signs of compromise.

According to the new joint statement on Wednesday, CISA is in regular contact with other government agencies, private entities, and international partners, and is providing technical assistance when asked and making information and resources available to help those affected recover quickly from the hack.

SolarWinds said on Dec. 14 in a filing to the Securities and Exchange Commission that it believes up to 18,000 customers had installed the compromised software update.

SolarWinds serves over 300,000 customers around the world. A partial customer listing that was taken offline showed that its customers include all five branches of the U.S. military, more than 425 of the U.S. Fortune 500, as well as the Office of the President of the United States.

The same list includes Dominion Voting Systems, a company that provides its voting equipment and software to 28 states and has become a focus of election fraud allegations across the United States. Dominion’s CEO John Poulos told state lawmakers in Michigan on Dec. 15 that the company has never used the SolarWinds Orion products.
A screenshot of Dominion Voting Systems' website shows use of SolarWinds software. (Screenshot/Dominion Voting Systems)

But a screenshot of a Dominion webpage that The Epoch Times captured shows that Dominion does use SolarWinds technology. Dominion later altered the page to remove any reference to SolarWinds, but the SolarWinds website is still in the page’s source code.

A security researcher said that SolarWinds was warned in 2019 that its software update server could be accessed using a simple password.
Zachary Stieber and Jack Phillips contributed to this report.