A recent hacking campaign of U.S. agencies, believed to be the biggest ever to be uncovered, impacted the Treasury Department’s unclassified systems, but the department has not seen any damage, Treasury Secretary Steven Mnuchin said in a CNBC interview on Monday.
“We do not see any breaking into our classified systems. Our unclassified systems did have some access,” Mnuchin said about the massive hack suspected to have been carried out by Russians. “I will say that the good news is there has been no damage, nor have we seen any large amounts of information displaced.”
Hackers who exploited an update to the ubiquitous SolarWinds Orion network management software accessed several U.S. government agencies, including the departments of Defense, State, Homeland Security, Energy, Treasury, and Commerce.
The victims are among as many as 18,000 SolarWinds customers around the globe who installed the malicious update. The hack was first reported by cybersecurity firm FireEye, itself a SolarWinds customer.
Believed to be the biggest hack ever uncovered, it has prompted the U.S. government to assemble a multi-department task force to respond to the threat.
Mnuchin told CNBC in the interview that addressing cyber threats “has been a big focus of the administration and within Treasury, we have a large group that is focused for cyber,” adding, “we have much needed resources in working in protecting the financial industry.”
The Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that the hacking campaign that targeted the federal government is larger than what was previously known.
The hackers gained backdoor access in more ways than through the SolarWinds software.
“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” CISA said in a statement.
Microsoft said Thursday that it found the malicious software in its system. The company said around 30 of the affected customers were in the United States.
“It’s certain that the number and location of victims will keep growing,” Microsoft President Brad Smith said in a blog post.
SolarWinds, which serves the vast majority of Fortune 500 companies and major U.S. government agencies, is facing increased scrutiny after disclosing that it has been the subject of the hack.
A security researcher warned SolarWinds last year that its software update server could be accessed using the password: “solarwinds123.”
“This could have been done by any attacker, easily,” Vinoth Kumar, the security researcher, said about discovering the extremely weak password.
The company said in a Securities and Exchange Commission filing last week that it believes up to 18,000 customers installed updates of its Orion network, which experts say opened them up to an attack that centered around a malware known as SUNBURST.
“There has been significant media coverage of attacks on U.S. government agencies and other companies, with many of those reports attributing those attacks to a vulnerability in the Orion products. SolarWinds is still investigating whether, and to what extent, a vulnerability in the Orion products was successfully exploited in any of the reported attacks,” SolarWinds said in the filing.
SolarWinds serves over 300,000 customers around the world.
Ivan Pentchoukov, Jack Phillips, Zachary Stieber, and Reuters contributed to this report.