Canadian security officials are eyeing a significant hack south of the border that appears to have penetrated top U.S. government agencies and left officials there scrambling to limit the damage.
Reuters reported on Monday that the Department of Homeland Security, the Treasury Department, and the Department of Commerce were among thousands of business and government entities hit by the attack, which appears to have let the hackers monitor operations for nine months before being detected.
“CSE and its Canadian Centre for Cyber Security (Cyber Centre) are aware of media reporting about a major cyber incident affecting the U.S. Government,” said Evan Koronewski, spokesperson for the CSE.
“We are assessing the situation and continue to work with government partners, including Shared Services Canada, to ensure that our networks remain secure and no information has been compromised.”
Koronewski said the CSE’s Cyber Centre has issued both an alert to the public and bulletins privately to government and non-government partners advising of the incident.
But it’s not clear at this time whether any Canadian government systems may also be impacted.
The hack was first revealed on Sunday.
It appears to have been caused by downloads of software updates for a data management product called SolarWinds; the hackers had corrupted those updates with malicious code.
Multiple American media reports cite sources saying the breach there was so serious that officials convened an emergency meeting of the National Security Council.
Reuters cited three sources who pointed the finger at Russia.
The U.S. Cybersecurity and Infrastructure Security Agency issued a warning on Sunday following news of the hack, and urged federal agencies to look over their networks for signs of a breach and shut down the SolarWinds software products immediately.
“The compromise of SolarWinds’ Orion Network Management Products poses unacceptable risks to the security of federal networks,” said the agency’s acting director, Brandon Wales.
“Tonight’s directive is intended to mitigate potential compromises within federal civilian networks, and we urge all our partners — in the public and private sectors — to assess their exposure to this compromise and to secure their networks against any exploitation.”
The Canadian Cyber Centre has also laid out advice for businesses wanting to assess their risk but has not issued an emergency order akin to that from the American agency.