Israeli companies at risk after suspected Russian hackers spied on U.S. Treasury emails

Hackers got into U.S. government systems by surreptitiously tampering with updates released by IT company SolarWinds, which also serves companies and governmental bodies in Israel

Raphael Kahan and Reuters 17:38 14.12.20
The cyberattack on the U.S. Treasury and Commerce departments, believed to have been carried out by hackers working for Russia, is likely more widespread than initially believed.


It is still unclear whether organizations and companies in other countries were also breached, but it is believed that hackers got into U.S. government systems by surreptitiously tampering with updates released by IT company SolarWinds, which serves companies and governmental bodies in Israel, as well as government customers across the executive branch, the military, and the intelligence services, and hundreds of companies in the U.S. The trick - often referred to as a “supply chain attack” - works by hiding malicious code in the body of legitimate software updates provided to targets by third parties.


U.S. Treasury and Commerce headquarters. Photo: Getty


In a statement released late Sunday, the Austin, Texas-based company said that updates to its monitoring software released between March and June of this year may have been subverted by what it described as a “highly-sophisticated, targeted and manual supply chain attack by a nation state.”


The company declined to offer any further detail, but the diversity of SolarWinds’ customer base has sparked concern within the U.S. intelligence community that other government agencies may be at risk, according to four people briefed on the matter.


SolarWinds says on its website that its customers include most of America’s Fortune 500 companies, the top 10 U.S. telecommunications providers, all five branches of the U.S. military, the State Department, the National Security Agency, and the Office of the President of the United States.


Prologic Ltd, which represents SolarWinds in Israel, said: "SolarWinds has announced that it has suffered a sophisticated cyberattack in which several updates of its Orion platform that were released between March 2020 and June 2020 were hacked. All the signs point to a nation state-backed attack which was intended to be a narrow, extremely targeted, and manually executed attack, as opposed to a broad, system-wide attack. In order to protect their work environment, clients of the Orion platform are requested to download as soon as possible the latest update released in the past few hours by SolarWinds. Full details can be found in this link.


"We at Prologic, together with our partners and network of integrators active around the solutions provided by SolarWinds in Israel, are at the service of the company's clients and will update our customers with any new information and guidance that we receive."


The hack is so serious it led to a National Security Council meeting at the White House on Saturday, one of the people familiar with the matter told Reuters.


U.S. officials have not said much publicly beyond the Commerce Department confirming there was a breach at one of its agencies and that they asked the Cybersecurity and Infrastructure Security Agency and the FBI to investigate.


The U.S. government has not publicly identified who might be behind the hacking, but three of the people familiar with the investigation said Russia is currently believed to be responsible for the attack. Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.


In a statement posted to Facebook, the Russian foreign ministry described the allegations as another unfounded attempt by the U.S. media to blame Russia for cyberattacks against U.S. agencies.