The US Department of Energy (DoE) said on Thursday it was responding to a cyber breach on its networks. The incident is part of a massive hack campaign that has struck at least two other US government agencies.
Malware "has been isolated to business networks only," Energy Department spokeswoman Shaylyn Hynes said in a statement.
Nukes not affected
She denied an earlier report by US media outlet Politico that the attack had impacted US national security, including the National Nuclear Security Administration, which manages the country's nuclear weapons stockpile.
Software that DoE officials identified as being vulnerable to the attack has been disconnected from the department's network, Hynes added.
The nation's cybersecurity agency on Thursday warned that the hack presented a "grave" risk to government and private networks.
Federal agencies and "critical infrastructure" were put at risk by the sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message.
Homeland Security, the agency's parent department, defines critical infrastructure as any "vital" assets to the US or its economy. This includes power plants and financial institutions.
Fears over widespread network access
According to officials cited in the Politico report, hackers did more damage to networks at the DoE's Federal Energy Regulatory Commission, or FERC, than any other branch of the agency. The report also said the department's Sandia and Los Alamos labs were hacked.
FERC regulates the transmission of gas and power between states but has no control over the US or regional power grids.
Senator Deb Fischer, a Republican who is the chair of the subcommittee that oversees nuclear forces, said she was confident in the security of US nuclear weapons but was "troubled" that hackers accessed NNSA's network.
The hack "reinforces the need to modernize our nuclear enterprise in order to ensure it remains safe, secure, and effective in the face of evolving threats," said Fischer, who has requested a briefing from the DoE.
What do we know about the SolarWinds breach?
Hackers accessed federal agencies through holes in software from US-based company SolarWinds. Malicious code hidden in updates to its Orion software in March could give hackers the same views as in-house IT crews. Some 18,000 SolarWinds clients are thought to have downloaded the compromised updates.
The Department of Homeland Security said on Thursday the hackers also used other techniques to gain access to networks.
Russian hackers are believed to be behind the attack.
In addition to the DoE, two federal departments, the US Treasury and the Department of Commerce, have been hit.
Further US government departments, including the Defense and Justice departments, are assuming that their nonclassified networks have been accessed.
Microsoft also affected
Microsoft on Thursday said it detected a malicious version of the software from SolarWinds inside the company. Its investigation so far showed no evidence hackers had used Microsoft systems to attack customers, reported news agency Reuters.
"Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed," a Microsoft spokesperson said, adding that the company had found "no indications that our systems were used to attack others."
kmm/sms (Reuters, AP, AFP)