Energy Department Hacked, ‘National Security Functions’ Not Impacted: Spokesperson

Energy Department Hacked, ‘National Security Functions’ Not Impacted: Spokesperson
SolarWinds Corp banner hangs at the New York Stock Exchange on the IPO day of the company in New York, on Oct. 19, 2018. (Brendan McDermid/Reuters)
Mimi Nguyen Ly

The Department of Energy said that it was hacked by malware injected into its networks after a SolarWinds update, but that its national security functions were not impacted, including the agency that manages the nation’s nuclear weapons stockpile.

“The Department of Energy is responding to a cyber incident related to the Solar Winds compromise in coordination with our federal and industry partners,” DOE spokeswoman Shaylyn Hynes said in a statement to The Epoch Times.

“The investigation is ongoing and the response to this incident is happening in real-time. At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission-essential national security functions of the Department, including the National Nuclear Security Administration (NNSA).

“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network.”

The NNSA, a semi-autonomous agency within the Department of Energy, oversees the country’s nuclear weapons stockpile and is responsible for strengthening the nation’s security through military application of nuclear energy and reducing the global threat from terrorism and weapons of mass destruction.

Sen. Deb Fischer (R-Neb.), chairman of the Subcommittee on Strategic Forces, said in a statement after the revelation that she has “great confidence in the safety and security of our nuclear weapons” but was “troubled by reports that hackers accessed the National Nuclear Security Administration’s network.”

“As the chairman of the subcommittee that oversees our nuclear forces, I have requested a briefing from the Department of Energy as soon as possible,” she added.

In a joint statement on Wednesday, three federal U.S. agencies confirmed that the recent hacking campaign has affected federal government networks and involved products from technology company Solarwinds. The FBI is now investigating the hack of SolarWinds technology, the statement said.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) called the hacking campaign “significant and ongoing” and have formed a group called the Cyber Unified Coordination Group to respond to the hack.

SolarWinds technology is used by all five branches of the U.S. military and numerous government agencies. The SolarWinds Orion platform was compromised. The breach was achieved by inserting malware, or malicious code, into software updates for Orion, a widely used network management tool.

The United States Chamber of Commerce building in Washington in a 2009 file photograph. (Manuel Balce Ceneta/AP Photo)
The United States Chamber of Commerce building in Washington in a 2009 file photograph. (Manuel Balce Ceneta/AP Photo)
The Commerce Department confirmed to The Epoch Times on Dec. 13 that it had been hacked. The Treasury Department was also reportedly breached.
CISA said on Thursday that the hacking campaign is larger than previously known and that the alleged foreign actors gained backdoor access in more ways than through the SolarWinds software.
The “SolarWinds Orion supply chain compromise is not the only initial infection vector this advanced persistent threat actor leveraged,” CISA said in a statement on Thursday, noting that it has evidence of additional initial access vectors that are still being investigated. It also said that the hacking campaign started as early as March 2020.
CISA previously issued an emergency directive on Dec. 13, ordering all federal agencies to immediately disconnect Solarwinds Orion products and check their networks for signs of compromise.

According to the new joint statement on Wednesday, CISA is in regular contact with other government agencies, private entities, and international partners, and is providing technical assistance when asked and making information and resources available to help those affected recover quickly from the hack.

SolarWinds said on Dec. 14 in a filing to the Securities and Exchange Commission that it believes up to 18,000 customers had installed the compromised software update.

SolarWinds serves over 300,000 customers around the world. A partial customer listing that was taken offline showed that its customers include all five branches of the U.S. military, more than 425 of the U.S. Fortune 500, as well as the Office of the President of the United States.

The same list includes Dominion Voting Systems, a company that provides its voting equipment and software to 28 states and has become a focus of election fraud allegations across the United States. Dominion’s CEO John Poulos told state lawmakers in Michigan on Dec. 15 that the company has never used the SolarWinds Orion products.
A screenshot of Dominion Voting Systems' website shows use of SolarWinds software. (Screenshot/Dominion Voting Systems)
A screenshot of Dominion Voting Systems' website shows use of SolarWinds software. (Screenshot/Dominion Voting Systems)

But a screenshot of a Dominion webpage that The Epoch Times captured shows that Dominion does use SolarWinds technology. Dominion later altered the page to remove any reference to SolarWinds, but the SolarWinds website is still in the page’s source code.

A security researcher said that Solarwinds was warned in 2019 that its software update server could be accessed using a simple password.
Zachary Stieber and Jack Phillips contributed to this report.
Mimi Nguyen Ly covers U.S. and world news.
Related Topics