The US Commerce Department confirmed Sunday it has been the victim of a data breach in an attack that is believed to be linked to Russia.
“We can confirm there has been a breach in one of our bureaus,” the Commerce Department said in a statement to CNN. “We have asked CISA and the FBI to investigate, and we cannot comment further at this time.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also confirmed the data security incident, telling CNN in a statement, “We have been working closely with our agency partners regarding recently discovered activity on government networks.”
“CISA is providing technical assistance to affected entities as they work to identify and mitigate any potential compromises,” the statement continued.
Reuters was first to report on the data breach.
The Washington Post reported Sunday that Russian government hackers targeted Commerce as well as the Treasury Department and other government agencies, according to people familiar with the matter who requested anonymity because of the sensitivity of the matter. The paper reported the FBI is investigating and that the same Russia-linked group breached the elite cybersecurity firm FireEye, which just last week disclosed an attack compromising the so-called “Red Team” tools it uses to protect cybersecurity clients, including government customers.
CNN has previously reported the Russian-affiliated group, known as APT29, as the suspected culprit behind the FireEye breach, citing a person familiar with the matter.
“It’s all related,” said a source familiar with the attacks on both FireEye and those reported Sunday. Russia has maintained a steady, aggressive cyber campaign against both the US public and private sectors.
“These sorts of attacks leveraging trusted relationships are extraordinarily difficult to detect and defend against in real-time,” the person said, adding that while the Commerce and Treasury Departments are the victims that have so far been identified, “there will no doubt be more.”
Last week, the National Security Agency published an advisory warning that Russian state-sponsored actors were accessing data on protected systems and called for various government networks, including the Defense Department’s, to be patched immediately.
The Treasury Department, the National Security Council, the FBI, National Security Agency and US Cyber Command did not immediately respond to CNN’s request for comment.
This story has been updated with additional reporting.