In this post, we document the list of US Federal agencies known to have been breached by the SolarWinds hack.

Dec 13, 2020 1

  • Department of Treasury
  • Department of Commerce
    • National Telecommunications and Information Administration (NTIA). As per 2, personnel at NTIA had some awareness of the SolarWinds hack as far back as Aug 13, 2020.

Dec 14, 2020 3, 4, 5

  • Department of Homeland Security (DHS)
    • Cybersecurity and Infrastructure Agency (CISA) 6
  • Department of Defense (DOD)
    • Penatgon 7
  • Department of State
  • Department of Agriculture
  • Department of Health and Human Services (HHS)
    • National Institutes of Health (NIH)

Dec 17, 2020 8, 9

  • Department of Energy (DOE)
    • Office of Secure Transporation at National Nuclear Security Administration (NNSA)
    • Federal Energy Regulatory Commission (FERC)
    • Sandia national laboratory
    • Los Almos National laboratory
    • Richland field office

Jan 6, 2021 10

  • Department of Justice (DOJ)

Jan 7, 2021 11

  • Federal Courts

Feb 2, 2021 12

  • Department of Agriculture
    • National Finance Center. This breach exploits SolarWinds Orion but does not use SUNBURST; further, the attacker is of chinese origin and unrelated to UNC2452; finally as per (13, 14) it appears that the chinese attackers exploited SUPERNOVA to breach the National Finace Center.

Mar 29, 2021 15

  • Cabinet Secretaries
    • Acting Secretary DHS Chad Wolf: email
    • Secretary Dan Brouillette: schedule

References

  1. https://www.politico.com/news/2020/12/13/federal-agencies-hacked-444970 

  2. https://krebsonsecurity.com/2021/04/did-someone-at-the-commerce-dept-find-a-solarwinds-backdoor-in-aug-2020/ 

  3. https://www.politico.com/news/2020/12/14/massively-disruptive-cyber-crisis-engulfs-multiple-agencies-445376 

  4. https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html 

  5. https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html 

  6. https://www.zdnet.com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/ 

  7. https://www.businessinsider.com/list-of-the-agencies-companies-hacked-in-solarwinds-russian-cyberattack-2020-12 

  8. https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855 

  9. https://www.politico.com/newsletters/politico-nightly/2020/12/17/the-big-hack-what-we-know-what-we-dont-491184 

  10. https://www.politico.com/news/2021/01/06/solarwinds-hackers-justice-department-email-455478 

  11. https://www.cyberscoop.com/solarwinds-hack-us-courts/ 

  12. https://www.reuters.com/article/idUSKBN2A22K8 

  13. https://www.wired.com/story/solarwinds-hack-china-usda/ 

  14. https://www.cyberscoop.com/solarwinds-orion-vulnerabilities-trustwave/ 

  15. https://apnews.com/article/solarwinds-hack-email-top-dhs-officials-8bcd4a4eb3be1f8f98244766bae70395