Early signs of a US government hack emerged months ago but were inconclusive
Posted December 18, 2020 7:48 p.m. EST
CNN — US officials monitoring for cyber threats to the nation's critical infrastructure became aware several months ago of suspicious activity that's now been linked to one of the largest hacking operations in history, three sources familiar with the situation told CNN.
Despite these initial indicators, the tremendous scope of the espionage campaign and its sophistication only became clear last week, after the elite cybersecurity firm FireEye disclosed a devastating data breach on its own network.
The US government's early detection, which has not been previously reported, did not provide conclusive evidence that the government's networks had been compromised, but it was enough to worry top cybersecurity officials that potential vulnerabilities existed.
The revelation illustrates how a select few within the government's most classified corners grappled with early warning signs of the massive hack -- and launched into a months-long investigation that ended up uncovering links to the devastatingly sophisticated spying operation that has rocked Washington this week.
At least half a dozen federal agencies are now known to have been targeted, including the Department of Homeland Security's cyber arm and the Departments of Agriculture, Commerce, Energy and State.
Investigators are still trying to determine what, if any, government data may have been accessed or stolen in the hack. The indicators identified during early detection efforts did not reveal evidence of a classified data breach, two sources told CNN.
Two sources described the suspicious activity detected months ago as a "backdoor-enabled persistent threat" consistent with the ongoing hacking effort disclosed this week, and added there is still no indication the hackers accessed classified systems or information.
At the time, officials probing the activity were unable to tie it to the specific IT management software that has been identified as a source of infection in other agencies.
The National Security Agency did not respond to CNN's request for comment. US CyberCommand declined to comment.