Accessibility links

Breaking News

U.S. Confirms Cyberattack Hit Government Networks, Says It's Ongoing

The U.S. Treasury Department, one of the U.S. government agencies believed to have been targeted by a massive cyberattack (file photo)
The U.S. Treasury Department, one of the U.S. government agencies believed to have been targeted by a massive cyberattack (file photo)

The U.S. government has confirmed that a recent cyberattack affected its networks and said the attack was "significant and ongoing."

A joint statement issued on December 16 by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) called it a “developing situation” and said investigators were continuing their work to fully understand its full extent.

"Over the course of the past several days, the FBI, CISA, and ODNI have become aware of a significant and ongoing cybersecurity campaign," the joint statement said.

“We know this compromise has affected networks within the federal government," the statement added.

The FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group to coordinate the U.S. government's response, the statement said.

Representatives of the National Security Agency, the Department of Homeland Security (DHS), and the FBI briefed members of Congress on December 16. Senator Dick Durbin (Democrat-Illinois) later told CNN that "this is virtually a declaration of war by Russia on the United States, and we should take that seriously.”

White House national-security adviser Robert O'Brien cut short a European trip earlier this week and returned to Washington to deal with the cyberattack, which was first reported on December 13. The government has not said how many agencies were hacked.

The DHS, the U.S. Treasury Department, and the U.S. Commerce Department were among those targeted, according to media reports quoting unidentified officials with knowledge of the cyberattack.

The Russian Embassy in Washington has denied any involvement, saying in a statement on December 14 that Russia “does not conduct offensive operations in the cyber domain.”

The technology company SolarWinds has said up to 18,000 of its customers downloaded a compromised update of its network management software that allowed hackers to spy unnoticed for almost nine months.

Customers of the little-known software company based in Texas include national governments and major corporations.

CISA has ordered federal agencies to stop using products made by SolarWinds, which said hackers from an "outside nation state" inserted malicious code into the update, which was issued between March and June this year.

The Pentagon said in a statement that it had so far found “no evidence of compromise” on its classified and unclassified networks from the “evolving cyber incident.”

A bipartisan group of U.S. senators has demanded to know more.

“Americans deserve to know the impact of this staggering cyberattack—& how Cozy Bear reportedly slipped into systems under our sleuths’ noses,” Senator Richard Blumenthal (Democrat-Connecticut) said, referring to a Russian hacking group. “With no sign of a timeline for disclosure, I’ll be demanding more facts.”

With reporting by Reuters and CNN
  • 16x9 Image


    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.

RFE/RL has been declared an "undesirable organization" by the Russian government.

If you are in Russia or the Russia-controlled parts of Ukraine and hold a Russian passport or are a stateless person residing permanently in Russia or the Russia-controlled parts of Ukraine, please note that you could face fines or imprisonment for sharing, liking, commenting on, or saving our content, or for contacting us.

To find out more, click here.