A Russia-based hacker group backed by the government is behind data breaches at the Treasury and Commerce departments and other US government agencies, The Washington Post reported.
The nation-state group was responsible for hacking the US State Department and the White House during the Barack Obama administration.
The group, known as APT29, or Cozy Bear, is also behind the attack on US-based cybersecurity firm FireEye, in which it accessed the firm's internal network and stole hacking tools the company uses to test the networks of its customers.
Several federal law enforcement agencies, including the FBI, are investigating the breach, the report said on Sunday.
The National Security Council also held an emergency meeting at the White House on Saturday regarding the incident.
During its investigation, FireEye found that the attacker targeted and accessed certain Red Team assessment tools that it uses to test its customers’ security.
“These tools mimic the behaviour of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” FireEye CEO Kevin Mandia said in a statement last week.
“None of the tools contain zero-day exploits. Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools,” Mandia added.
FireEye said it was investigating the attack in coordination with the Federal Bureau of Investigation (FBI) and other key partners, including Microsoft.
Significantly, the same Russia-operated hacking group is targeting organisations involved in Covid-19 vaccine development.
Known targets of APT29 include UK, US and Canadian vaccine research and development organisations.