US Government Exposed In Huge SolarWinds Hack | Surveillance Companies Infiltrate Ads Business | Covid-19 Vaccine Data Pilfered

Plus: Cybersecurity Company FireEye Believes It Was Hacked By A Foreign Government

A sprawling espionage campaign has been snooping on emails in at least two U.S. government agencies: the Commerce and Treasury departments. Fingers are pointing at Russia, even as Putin's foreign ministry is denying the allegations.

It's going to hit a lot of private and public sector organizations, as the hackers managed to compromise a software called SolarWinds Orion. It's supposed to help IT manage their networks with greater efficiency, but as early as spring this year, Orion updates included malware that may have let hackers spy on a vast number of companies and government agencies.

A large number of government agencies have purchased Orion, according to my review of federal contracts, with the Defense and Veterans Affairs departments spending millions on licenses as recently as August 2020. As the saying goes, don't put all your eggs in one basket. It turns out the U.S. government wasn't obeying that golden rule and it's going to make the fallout from this hugely-significant attack that much worse.

If you have any tips on government surveillance or cybercrime, drop me an email on tbrewster@forbes.com.

The Big Story

Top 5 Stories You Have To Read Today

The European Medicines Agency, a key regulator in the vaccine world, confirmed it was targeted by hackers and that data on the Pfizer and BioNTech Covid-19 treatment was stolen. No personal data of vaccine trial participants was affected, according to a Reuters report.

Huawei has been working on AI software that could identify Uighur minorities and alert Chinese authorities, according to a Washington Post report. It's feared the might of the tech giant is being used to support China's widely-criticized persecution of the Muslim minority group.

Spotify had to reset the passwords of an undisclosed number of users. A bug exposed information to some of its business partners, TechCrunch reported.

In another significant supply-chain hack, Israel's Calcalist revealed that a large number of the country's importers and logistics companies were hit in a cyberattack last weekend. The hack came via a hit on Amital Data, a supply chain software provider.

Cydia, one of the first ever app stores, is suing Apple, according to the Washington Post. It claims Apple holds a monopoly over app distribution because it bans third-party app stores. Cydia has only been able to stay alive by jailbreakers, hackers who remove Apple's security controls from iPhones and other iOS devices.

Winner Of The Week

Dragos, a cybersecurity startup focusing on protecting the grid and other critical infrastructure from digital attack, scored $110 million in a huge funding round. I profiled the company in its infancy, way back in 2016, and it's pleasing to see a company come good on its early promise.

Loser Of The Week

Whether or not Russia was behind the espionage campaign that sent the U.S. government into a spin this weekend remains to be seen. But its foreign ministry claiming, in response, that Putin's government "does not conduct offensive operations in the cyber domain," despite mountains of evidence suggesting otherwise, was disingenuous in the extreme.