The Politicus

Create | Share | Influence

Russian hacking group APT29, or Cozy Bear, is behind new hacks of US Treasury and Commerce


“The hack is seen as so significant that a National Security Council meeting was held at the White House on Saturday over it, according to Reuters.” Because having at Commerce, a former head of a bank known for Russian money laundering in Cyprus and a Treasury head who approved lifting financial sanctions on Russian oligarchs, couldn’t have any connection to covert attacks on the US government. And it’s not even the GRU, it’s the SVR this time. “Hackers broke into Microsoft’s Office 365 and monitored staff emails for months, according to report”

The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other U.S. government agencies, according to people familiar with the matter.
The FBI is investigating the campaign by a hacking group working for the Russian foreign intelligence service, SVR. The breaches have been taking place for months and may amount to an operation as long-running and significant as one that occurred in 2014-2015.
The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration.
All of the organizations were breached through a network management system called SolarWinds, according to three people familiar with the matter, who spoke on condition of anonymity because of the issue’s sensitivity. SolarWinds could not immediately be reached for comment.


It is not clear what information was accessed from the government agencies.
Reuters first reported the hacks of the Treasury and Commerce agencies Sunday, saying they were carried out by a foreign government-backed group. The SVR link to the broader campaign is previously unreported.
The matter was so serious it prompted an emergency National Security Council meeting on Saturday, Reuters reported.
“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said NSC spokesman John Ullyot. He would not comment on the country or group responsible.
APT29 has also been linked to attempts to steal coronavirus vaccine research.


The Washington Post reported last week that the Russian hacking group, APT29, breached the cybersecurity firm, FireEye, according to three people familiar with the matter.

At Commerce, the Russians targeted the National Telecommunications and Information Administration, an agency that handles internet and telecommunications policy, Reuters reported.…


— Chris Bing (@Bing_Chris) December 13, 2020

“This is the kind of thing when the Russians are able to penetrate very secure networks like this. It’s not just the government,” said Ken Dilanian. “It’s private entities that use the same software that are vulnerable. Look, the United States does this too. We are, as we speak, NSA hackers are trying to break into Russian and Chinese networks. It’s fair game, but it’s still a big deal when the Russian state government breaks into the Treasury Department and the Commerce Department and major U.S. corporations.”

When it comes to President Donald Trump retaliating against Russia, it’s unclear if there would be any retaliation as Trump has been known to protect Russia above all else. During a meeting with Russian President Vladimir Putin in Helsinki, Trump was asked if he talked to Putin about the 2016 hacks and garnered any details about his efforts to sow division in the U.S. ahead of the election.

“I will say this, I don’t see any reason why it would be,” Trump replied to reporters’ questions. His staff had to recant the statement saying the president meant the opposite.…


— Jorge Castañeda ☁ (@jcastanedacano) December 8, 2020

