US government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers after authorities learned the Treasury and Commerce departments were hacked in a monthslong global cyberespionage campaign, discovered when a prominent cybersecurity firm learned it had been breached. In a rare emergency directive issued late Sunday, the Department of Homeland Security's cybersecurity arm warned of an "unacceptable risk" to the executive branch from a feared large-scale penetration of US government agencies that could date back to midyear or earlier, per the AP. "This can turn into one of the most impactful espionage campaigns on record," says cybersecurity expert Dmitri Alperovitch. The hacked cybersecurity company, FireEye, wouldn't say what party it suspected—many experts believe the operation is Russian—and noted that foreign governments and major corporations were also compromised.
News of the hacks, first reported by Reuters, came less than a week after FireEye disclosed that nation-state hackers had broken into its network and stolen the company's hacking tools. The apparent conduit for the Treasury and Commerce Department hacks, and the FireEye compromise, is SolarWinds, a hugely popular piece of server software used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple US federal agencies. The DHS directive says US agencies should immediately disconnect or power down any machines running the impacted software. Kremlin spokesman Dmitry Peskov said Monday that Russia had "nothing to do with" the hacking. The government's Cybersecurity and Infrastructure Security Agency said it was working with other agencies to help "identify and mitigate any potential compromises." (Read more Treasury Department stories.)