White House confirms cyberattack report on U.S. Treasury by foreign government

White House confirms cyberattack report on U.S. Treasury by foreign government

The NSA met with the White House on Saturday regarding the matter

By Lucas Manfredi FOXBusiness

The U.S. government has acknowledged reports that hackers backed by a foreign government have breached the U.S. Treasury Department and an agency within the Commerce Department.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” National Security Council spokesman John Ullyot told FOX Business in a statement.

According to Reuters, the elaborate cyber hack was launched on the Treasury Department as well as the Commerce Department’s National Telecommunications and Information Administration, or NTIA, a U.S. agency that is tasked with crafting internet and telecommunications policy. Sources told the outlet that the hack was so serious it led to a National Security Council meeting on Saturday.

Hackers reportedly used the organization’s Microsoft Office 365 platform to monitor staff members emails for months.

A Treasury Deparment spokesperson deferred comment to the NSC. A spokesperson for the Commerce Department confirmed the breach, adding that it has “asked CISA and the FBI to investigate” but declining to comment any further.  A Microsoft spokesperson declined to comment to FOX Business.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, said in a statement that the agency has been working closely with its partners regarding “recently discovered activity on government networks.”

“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the spokesperson added.

An FBI spokesperson said it can “neither confirm nor deny details related to any ongoing investigation,” citing the agency’s standard practice.

The announcement comes less than a month after President Donald Trump fired Christopher Krebs, the nation’s top cybersecurity official. Krebs, who oversaw CISA, was responsible for leading the effort to protect U.S. elections.


https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network

CISA ISSUES EMERGENCY DIRECTIVE TO MITIGATE THE COMPROMISE OF SOLARWINDS ORION NETWORK MANAGEMENT PRODUCTS

Original release date: December 13, 2020 | Last revised: December 14, 2020

WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) tonight issued Emergency Directive 21-01, in response to a known compromise involving SolarWinds Orion products that are currently being exploited by malicious actors. This Emergency Directive calls on all federal civilian agencies to review their networks for indicators of compromise and disconnect or power down SolarWinds Orion products immediately.  

“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said CISA Acting Director Brandon Wales. “Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners—in the public and private sectors—to assess their exposure to this compromise and to secure their networks against any exploitation.”  

This is the fifth Emergency Directive issued by CISA under the authorities granted by Congress in the Cybersecurity Act of 2015. All agencies operating SolarWinds products should provide a completion report to CISA by 12pm Eastern Standard Time on Monday December 14, 2020.  

Berto Jongman: European SIGINT Maximator (5 + Israel) Overview

Maximator: European signals intelligence cooperation, from a Dutch perspective

This article is first to report on the secret European five-partner sigint alliance Maximator that started in the late 1970s. It discloses the name Maximator and provides documentary evidence. The five members of this European alliance are Denmark Sweden, Germany, the Netherlands, and France. The cooperation involves both signals analysis and crypto analysis. The Maximator alliance has remained secret for almost fifty years, in contrast to its Anglo-Saxon Five-Eyes counterpart. The existence of this European sigint alliance gives a novel perspective on western sigint collaborations in the late twentieth century.

Read full article.

Phi Beta Iota: On closer reading it appears that Israel is a silent partner in this alliance.  The role of the alliances — and the CIA compromise of Crypto AG as used by the Argentinians — in helping the UK win a far away skirmish — is noteworthy.