Advisen FPN

Advisen Front Page News - Wednesday, December 23, 2020

   

Dow Jones

Treasury email accounts breached
Publication Date 12/22/2020
Source: Dow Jones News Service
By Dustin Volz and Richard Rubin 

WASHINGTON -- Suspected Russian hackers compromised dozens of Treasury Department email accounts and breached the office that houses its top officials, as part of a broad campaign targeting several critical federal government agencies, a senior senator said Monday.

The Treasury Department doesn't know all of the activity the hackers engaged in or precisely what information was stolen, Sen. Ron Wyden (D., Ore.), the ranking Democrat on the Senate Finance Committee, said in a statement to The Wall Street Journal.

"According to Treasury staff, the agency suffered a serious breach, beginning in July, the full depth of which isn't known," Mr. Wyden said. He added that the hackers had broken into systems belonging to the Departmental Offices division, home to Treasury's highest-ranking officials.

Separately, the hackers broke into about three dozen email accounts since June at the National Telecommunications and Information Administration, including accounts belonging to the agency's senior leadership, according to a U.S. official familiar with the matter. The NTIA is a bureau within the Commerce Department that works on telecommunications and internet policy.

It wasn't clear what the hackers were seeking to gain from spying on NTIA emails, but it could range from general intelligence gathering to a mass email leak in the future, or material that could be used to more easily wage future cyberattacks, the official said, adding that "in any case, it's a gold mine."

The Commerce Department didn't immediately respond to a request for comment.

The details about the Treasury and Commerce breaches are among the first to specifically describe what investigators know about what was compromised in the suspected Russian cyber espionage operation.

U.S. officials are still in the early stages of assessing the damage from the hack, but a growing number have linked the activity to Moscow. Attorney General William Barr said on Monday he believed Russia was behind the SolarWinds hack, a statement that puts him in accord with the assessments of top U.S. officials but at odds with President Trump.

"From the information I have...it certainly appears to be the Russians," Mr. Barr said at a press conference Monday.

Mr. Barr lent his name to the widening consensus among intelligence officials and cybersecurity experts that Russia is responsible for what is considered to be one of the worst ever hacks of federal computer systems. On Saturday, Secretary of State Mike Pompeo said "we can say pretty clearly that it was the Russians that engaged in this activity."

But President Trump has played down the severity of the vast cyber-espionage campaign, and said in a tweet Saturday that China could be responsible. He didn't elaborate.

On Monday, the White House National Security Council convened a classified interagency meeting with several Cabinet secretaries, including Mr. Mnuchin, and national security leaders to discuss what is known so far about the severity of the hack and how to address the damage, a U.S. official said.

Russia has denied responsibility for the breach.

It wasn't clear which officials were affected in the Treasury Department hack, but an aide to Mr. Wyden said the department didn't believe Secretary Steven Mnuchin's email account was compromised. The department was notified of the dozens of compromised email accounts by Microsoft, which is investigating the hack, Mr. Wyden said.

It isn't believed the Internal Revenue Service was breached in the attack, Mr. Wyden said following a meeting between Treasury officials and finance committee staff members. The IRS is the largest Treasury bureau and one that protects sensitive taxpayer financial data; IRS officials have referred all inquiries to the Treasury Department.

The information provided about the depths of the Treasury and Commerce compromises offers a small window into the scope of the hack, which was made possible after hackers laced a routine software update from an Austin-based network management company called SolarWinds Corp. with malicious code.

SolarWinds has said that it traced activity from the hackers back to at least October 2019 and that it is now working with security companies, law enforcement and intelligence agencies to investigate the attack.

The widespread hack of the federal government, which officials have described as grave and ongoing, hit at least six cabinet-level departments, including the State, Energy and Homeland Security departments, as well as the National Institutes of Health, which is part of the Health and Human Services Department.

IRS executives have long been worried about potential breaches of the agency's computer systems, which hold information about criminal investigations and audits, along with Social Security numbers and financial data on hundreds of millions of Americans.

Sens. Wyden and Chuck Grassley, the Republican chairman of the Senate Finance Committee, last week sent a letter to the IRS asking for a briefing due to concerns that personal taxpayer information could have been stolen. But investigators believe the IRS was unharmed, Mr. Wyden said.

Once the hackers gained access to the Departmental Offices network, they were able to steal an encryption key used by Treasury that enabled them to forge credentials necessary to gain what looked like legitimate access to several Microsoft cloud-hosted email accounts, an aide to Mr. Wyden said.

"After years of government officials advocating for encryption backdoors, and ignoring warnings from cybersecurity experts who said that encryption keys become irresistible targets for hackers, the USG has now suffered a breach that seems to involve skilled hackers stealing encryption keys from USG servers," Mr. Wyden said, using an acronym for the U.S. government.

Earlier Monday, Mr. Mnuchin declined to offer many details about the hack's impact on the department, but confirmed there had been a breach. Mr. Mnuchin said his department was investigating but that so far officials didn't believe the most sensitive information was accessed by the hackers.

"At this point we do not see any break-in into our classified systems," Mr. Mnuchin said during an interview on CNBC. "Our unclassified systems did have some access... We are completely on top of this."

Monica Crowley, a Treasury spokeswoman, declined to comment Monday evening beyond Mr. Mnuchin's remarks.

--Sadie Gurman contributed to this article.

Write to Dustin Volz at dustin.volz@wsj.com and Richard Rubin at richard.rubin@wsj.com
