WASHINGTON—White House national security adviser Robert O’Brien has cut short a multicountry trip to Europe to return to the U.S. to address the suspected Russian hack of government agencies, signaling growing alarm within the Trump administration about a cyber espionage campaign considered potentially one of the most damaging in years.
The change of plans for Mr. O’Brien comes two days after it was disclosed that multiple federal agencies had been hacked as part of a global hacking campaign that is believed to have also ensnared private corporate networks across the globe.
“Ambassador O’Brien is returning to address the hacking incident,” John Ullyot, a spokesman for the National Security Council, said in a statement. Mr. O’Brien will hold meetings Tuesday evening and Wednesday morning and convene “a high level interagency meeting” this week, Mr. Ullyot said.
Mr. O’Brien had been scheduled to return Saturday after planned stops in Italy on Tuesday and visits later in the week to Germany, Switzerland and the U.K. He had already met with Prime Minister Benjamin Netanyahu in Israel and President Emmanuel Macron in France.
The hack continued for months, largely undetected by the Trump administration and cybersecurity firms, until the past week, according to people familiar with the matter. Current and former officials and cybersecurity experts have described the hack as an espionage operation rather than one aimed at damaging computer networks, and said it represents a significant counterintelligence failure.
The widespread hacking campaign appeared to have begun when hackers compromised systems belonging to SolarWinds Corp. , a U.S. network management company that boasts national security agencies, local governments, large corporations and defense contractors among its 300,000 customers.
As early as March, SolarWinds customers unwittingly installed malicious software as part of a routine and seemingly benign update issued for a software product known as Orion, according to the company. Investigators were trying to piece together how the hackers gained access to SolarWinds systems to introduce the malicious code.
That update, which would have been especially difficult to identify as a threat, contained what investigators called a back door that could have granted easy access to nearly 18,000 entities that downloaded it. Investigators expect the number of fully compromised entities to be smaller, perhaps totaling dozens or hundreds.
SolarWinds has said it is working with FireEye Inc., a U.S.-based cybersecurity firm that was also breached in the hacking campaign, and with intelligence and law-enforcement officials to investigate.
On Tuesday, investigators were still in the early stages of understanding the scope of the SolarWinds hack, but several agencies have confirmed intrusions into their internal systems, including the departments of State, Commerce, Treasury, Homeland Security and the National Institutes of Health, according to people familiar with the matter.
To streamline the federal response across agencies, the National Security Council has activated what is known as a Unified Coordination Group “to ensure continued unity of effort across the United States Government in response to a significant cyber incident,” the Council said on Twitter.
The seriousness of the hack has prompted bipartisan scrutiny from Congress. On Tuesday, three Republican and three Democratic senators jointly asked the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency to provide information on the hack investigation, including a list of all federal agencies that are a customer of SolarWinds and how the agencies intend to support businesses that may have been hacked. The FBI and CISA didn’t immediately comment.
Also on Tuesday, Sens. Sherrod Brown of Ohio and Ron Wyden of Oregon, the top Democrats on the Senate Banking and Finance committees, respectively, sent a letter to Treasury Secretary Steven Mnuchin asking for details on the severity of the hack and what steps Mr. Mnuchin’s department had taken to mitigate damage.
“These media reports suggest that these attacks were comprehensive and historic, and that these bad actors may have had access to critical U.S. government systems for many months,” the senators wrote.
The Treasury Department didn’t immediately respond to a request for comment about the letter.
Write to Dustin Volz at email@example.com
Appeared in the December 16, 2020, print edition as ‘White House Aide Returns To Address Agency Hacks.’