US Congressional panels probing suspected Russia hacks

By Michael Hernandez

WASHINGTON (AA) - Two committees in the US House of Representatives announced Thursday that they are launching probes into hacks of at least a half-dozen federal agencies in which Russia is suspected to be culpable.

Homeland Security Committee Chairman Bennie Thompson and Oversight and Reform Committee Chairwoman Carolyn Maloney said that while federal investigations are ongoing, "this latest cyber intrusion could have potentially devasting consequences for US national security."

"Our Committees are seeking information related to the apparent, widespread compromise of multiple federal government, critical infrastructure, and private sector information technology networks," the chairs said in a letter to Acting Department of Homeland Security Secretary Chad Wolf, Director of National Intelligence John Ratcliffe and FBI Director Christopher Wray.

The sweeping hacks are believed to have affected the US Homeland Security, State, Treasury and Commerce departments, as well as the National Institutes of Health. The cyberattack, first reported by Reuters on Sunday, was based on an exploit of a little-noticed software company known as SolarWinds that provides services to government agencies.

The hackers were reportedly able to gain access to the government departments by hiding malicious code in software updates, a tactic commonly referred to as a “supply chain attack.”

The attack was part of what Reuters described as a "broad campaign" that included a hack on another government contractor, cybersecurity company FireEye.

Federal investigators have warned that it may take weeks or months to determine the total number of affected government agencies as well as "the extent to which sensitive data and information may have been compromised," the chairs said.

Thompson and Maloney asked Wray and Wolf to provide their committees "with any damage assessments of this attack, including interim analyses, as soon as practicable." They have asked for a classified briefing on the matter on Friday.

Microsoft was also hacked as part of the SolarWinds attack, Reuters separately reported Thursday. The company's products were then used for follow-on attacks on others.