Hackers have reportedly entered the networks of US space agency NASA and the Federal Aviation Administration as part of a wider spy campaign targeting US government agencies and private companies.
The two agencies were named by The Washington Post on Tuesday, hours before a hearing by the Senate Intelligence Committee investigating the widespread cyberattack, which the previous Trump administration said was “likely of Russian origin.”
A NASA spokesperson did not dispute the report, but declined to comment, citing an “ongoing investigation.” An FAA spokesperson did not respond to a request for comment.
NASA and the FAA are believed to be the two remaining unnamed agencies of the nine government agencies confirmed to have been violated by the attack. The other seven include the departments of commerce, energy, homeland security, justice and state, the Treasury and the national institutes of health, although the attackers are not believed to have violated their classified networks.
FireEye, Microsoft, and Malwarebytes were among a number of cybersecurity companies also violated in the attacks.
The Biden administration is reportedly preparing sanctions on Russia, in large part because of the hacking campaign, the Post also reported.
The attacks were discovered last year after FireEye sounded the alarm about the hacking campaign after the breach of its own network. Each victim was a customer of the American software company SolarWinds, whose network management tools are used across the federal government and Fortune 500 companies. Hackers broke into SolarWinds’ network, implanted a backdoor in their software and pushed the backdoor to customer networks with a corrupted software update.
It wasn’t the only way to get in. Hackers have also reportedly targeted other businesses by breaking into other devices and devices on their victims ‘networks, as well as targeting Microsoft vendors to hack into other customers’ networks.
Last week Anne Neuberger, former NSA cybersecurity director who was elevated last month to the White House National Security Council to serve as deputy national security adviser for cyber and emerging technologies, said the attack took “months to plan and execute.” and “we’ll take some time to figure this out layer by layer.”