U.S. intelligence agencies have warned that a “significant” cyberattack on several federal departments uncovered over the weekend remains ongoing as the government rushes to assess the extent of the breach.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the FBI, the director of national intelligence and the Cybersecurity and Infrastructure Security Agency (CISA) said in a joint statement late Wednesday.
The March attack on software created by Texas-based IT company SolarWinds — in which hackers installed malware — continued for months until it was discovered by cybersecurity company FireEye.
Both companies have pointed the finger at hackers linked to the Russian government. Hackers reportedly breached software used by the U.S. Treasury Department and the Commerce Department, allowing them to view internal email traffic.
The agencies did not confirm the targets of the cyberattack. U.S. Secretary of State Mike Pompeo also pointed to Moscow on Monday, saying the Russian government had made repeated attempts to breach U.S. government networks.
‘Up to 18,000 customers’
SolarWinds said up to 18,000 customers, which included government agencies and Fortune 500 companies, had downloaded the compromised software updates, allowing hackers to spy on email exchanges.
The content the hackers sought to steal — and how successful they were — remains unknown at this time.
The FBI said it has opened an investigation to identify and pursue those responsible for the hack.
After the attack was detected, CISA ordered federal agencies to power down the breached software.
The agencies have created a coordination unit and emergency talks are being held at the White House on a daily basis to discuss the government’s response.
U.S. National Security Adviser Robert O’Brien cut short a trip to the Middle East and Europe this week to deal with the fallout from the hack.
