US government agencies were ordered to scour their networks for malware and disconnect potentially compromised servers after authorities learned that the Treasury and Commerce departments were hacked in a monthslong global cyberespionage campaign discovered when a prominent cybersecurity firm learned it had been breached.
In a rare emergency directive issued late Sunday, the Department of Homeland Security's cybersecurity arm warned of an "unacceptable risk" to the executive branch from a feared large-scale penetration of US government agencies that could date back to mid-year or earlier.
The hacked cybersecurity company, FireEye, would not say who it suspected - many experts believe the operation is Russian given the careful tradecraft - and noted that foreign governments and major corporations were also compromised.
News of the hacks, first reported by Reuters, came less than a week after FireEye disclosed that nation-state hackers had broken into its network and stolen the company's own hacking tools.
The apparent conduit for the Treasury and Commerce Department hacks - and the FireEye compromise - is a hugely popular piece of server software called SolarWinds. It is used by hundreds of thousands of organizations globally, including most Fortune 500 companies and multiple U.S. federal agencies that will now be scrambling to patch up their networks, said Alperovitch, the former chief technical officer of the cybersecurity firm CrowdStrike.
FireEye said it had confirmed infections in North America, Europe, Asia and the Middle East, including in the health care and oil and gas industry - and had been informing affected customers around the world in the past few days. It's customers include federal, state and local governments and top global corporations.