Sweeping Hack Gives Biden a Mandate to Reorient America’s Cyber Strategy

By Bonnie Kristian

National security agencies are investigating the extent and possible effects of a major cybersecurity breach, thought to be a Russian state-backed hack, affecting federal organizations—including Treasury, Commerce, and the Department of Homeland Security—and an as-yet unknown number of large corporations. The attack is one more reminder of our government’s need for a defense-focused cyber strategy instead of Washington’s current posture, which is too risky and leaves few resources for keeping state systems safe.

The public details of this week’s attack are still relatively few. The hackers are thought to be a Moscow-supported group known as APT29 or Cozy Bear, which was also involved in hacking the Democratic National Committee in 2016 and the State Department and White House email servers during the Obama administration. (Russia, predictably, has denied involvement and further claimed it does not “conduct offensive operations in the cyber domain” at all.)

Beyond the obvious data collection, the motive for the breach isn’t yet clear. The hackers were able to access internal departmental email traffic, but how much or how classified is still to be determined. This single attack has targets outside the federal government too, because it was accomplished by compromising widely used network management software. The corruption of that software, probably months old and not isolated to U.S. entities, has been described as “top-tier operational tradecraft.”

This piece was originally published in Defense One on December 15, 2020.