A previously unreported breach reveals new details of Russian access to U.S. government communications.
Suspected Russian hackers stole thousands of State Department officials’ emails last year, according to two congressional sources familiar with the intrusion, in the second known Kremlin-backed breach of the department’s email server in under a decade.
The hackers accessed emails in the department’s Bureau of European and Eurasian Affairs and Bureau of East Asian and Pacific Affairs, the congressional sources said. It does not appear at this point that the classified network was accessed, a third official said.
It is not clear whether the theft of State Department emails was part of the SolarWinds espionage campaign, in which Russian hackers burrowed into federal and private sector networks by exploiting a piece of software — developed by the IT company SolarWinds — that is used across the government and private sector. The State Department used SolarWinds software and was exposed in that breach, according to The Washington Post.
This specific incident has not been previously reported.
In response to questions about the hack, a State Department spokesperson said in a statement that “the Department takes seriously its responsibility to safeguard its information and continuously takes steps to ensure information is protected. For security reasons, we are not in a position to discuss the nature or scope of any alleged cybersecurity incidents at this time.”
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said in a statement that the White House is “not commenting on specific agencies.”
“Several federal agencies have been hacked in the last year,” she said. “As part of the Administration’s SolarWinds review, we discovered broad gaps in cybersecurity defenses across federal agencies. We identified five specific cybersecurity modernization areas, assessed agencies against them, and are implementing a Build Back Better plan to rapidly fund and roll out these technologies to remediate vulnerabilities and modernize our cybersecurity approach.”
The theft of the State Department emails indicates that the suspected Russian hackers have been able to access more U.S. government materials than was previously known to the public. The affected bureaus work on issues related to U.S. allies, including NATO, European and Indo-Pacific partners.
The Russian government has repeatedly weaponized and leaked stolen Americans’ private communications in efforts to sow discord — a strategy used infamously in the months before the 2016 presidential election.
The hack raises questions about the department’s cybersecurity practices — it is the second time in under 10 years that suspected Russian hackers are known to have breached the State Department’s email servers. Russian hackers also managed to penetrate State Department networks and White House computers in 2015. The Covid-19 pandemic exacerbated the risk because many federal employees worked remotely on less secure systems.
A spokesperson for the Russian embassy did not immediately respond to a request for comment.
The intelligence community has publicly accused the Kremlin of being behind the SolarWinds hack, which targeted at least nine federal agencies and dozens of private companies last year. In December, Kremlin spokesperson Dmitry Peskov denied that Russia was responsible for the hack, calling the accusations “baseless.”
The Biden administration, meanwhile, has revealed little about the scope of the SolarWinds hacking campaign as it grapples with how to mitigate the fallout. The administration’s response has so far been led by Deputy National Security Advisor for Cyber Anne Neuberger, but the White House has yet to nominate a national cyber director who would be responsible for coordinating a whole-of-government effort to deter future attacks.
State Department officials are not the only ones whose emails have been pilfered by the Russians in the last year. The hackers affiliated with the SolarWinds campaign also gained access to emails belonging to former senior Department of Homeland Security and Treasury Department officials. And they broke into networks belonging to the Energy Department and National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile.
It is just the latest in a series of Kremlin-backed hacks against U.S. targets. A year after targeting State and the White House, Russian hackers stole emails from the Democratic National Committee and former presidential candidate Hillary Clinton’s campaign chair, John Podesta. Russian hackers also targeted political candidates and election infrastructure in the 2018 midterm and 2020 presidential elections.
The U.S. has levied multiple rounds of sanctions against Russian government officials in an effort to deter hacks. And the Justice Department has charged Russian hackers with cyber crimes, including indictments last October of six Russian intelligence officers for allegedly targeting the 2018 Winter Olympics. The Biden administration is still weighing how to respond to the SolarWinds campaign, but it will likely include measures both “seen” — such as more sanctions — and “unseen,” such as offensive cyber operations, National Security Adviser Jake Sullivan told Bloomberg on Monday.
In the meantime, the administration is focusing on closing what one U.S. official described as “significant gaps in modernization and in technology of cybersecurity across the federal government.”
“We want to make the federal government a leader, not a laggard, in cybersecurity,” the official told reporters earlier this month. “And we know we need to be able to defend against the adversaries who pursue the nation’s diplomatic, law enforcement, and health efforts.”