Energy Department finds SolarWinds-related malware on IT networks, says critical systems unaffected
The Department of Energy on Thursday said it had found malicious software related to the breach of contractor SolarWinds on the department’s IT networks, making it the latest federal agency to be swept up in a hacking campaign reportedly tied to Russia.
“At this point, the investigation has found that the malware has been isolated to business networks only, and has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration,” Department of Energy spokeswoman Shaylyn Hynes said in a statement.
DOE joins a growing list of federal agencies, including the departments of Homeland Security and Treasury, that have been reportedly breached in the hacking campaign. The cyber activity, which The Washington Post reported is connected to a Russian intelligence service, has involved using tampered software from Austin-based SolarWinds, to gain persistence access to victim networks. SolarWinds’ software is also widely used in critical industries such as electricity, oil and gas, and manufacturing.
“When DOE identified vulnerable software, immediate action was taken to mitigate the risk, and all software identified as being vulnerable to this attack was disconnected from the DOE network,” Hynes added.
The Department of Homeland Security on Thursday said that the attackers are using other means, and not just the SolarWinds backdoor, to access victim networks. “[R]emoving this threat actor from compromised environments will be highly complex and challenging for organizations,” DHS’s Cybersecurity and Infrastructure Security Agency said in a public advisory.
The Russian government has denied involvement in the hacking campaign.
President-elect Joe Biden on Thursday said he had instructed his aides to learn everything they could about the hacking campaign, which could be one of the first big cybersecurity tests of his presidency.
The battle against the hackers is ongoing. Cybersecurity firm FireEye said on Wednesday that it had found a “killswitch” — or seized internet domain — that could be used to hamper the attackers’ ability to distribute the malware.
Politico reported earlier Thursday that the hacking campaign affected Department of Energy computer networks.
