US intelligence and security agencies have warned that the cyber attack on the government and companies revealed at the weekend was “ongoing” as Washington scrambled to ascertain the extent of the damage.
The FBI, the director of national intelligence and the Cybersecurity and Infrastructure Security Agency said in a statement that they had formed a task force to respond to the sophisticated attack, which they described as a “significant and ongoing cyber security campaign”.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the agencies said.
Cyber security experts are trying to determine the scale of damage wrought by the attack, which continued for months until it was discovered by FireEye, a cyber security company that also fell victim to the hacking campaign.
The hackers in March began inserting malware into software updates that SolarWinds, an IT company, sent to government and private sector clients that use its Orion software to manage their networks.
FireEye, SolarWinds and some US officials have blamed “nation-state” hackers for the breach. Mike Pompeo, secretary of state, appeared to single out Russia in his response to a question about the hack on Monday, saying there had been “consistent” efforts by Moscow to try to penetrate US government and private sector networks.
Richard Blumenthal, Democratic senator from Connecticut, also pointed to Russia on Wednesday after he and other members of Congress received a classified briefing from intelligence officials about the hack.
“Today’s classified briefing on Russia’s cyber attack left me deeply alarmed, in fact downright scared,” Mr Blumenthal wrote on Twitter. “Americans deserve to know what’s going on. Declassify what’s known & unknown.”
Robert O’Brien, the White House national security adviser, cut short a trip to Europe on Tuesday to return to Washington to deal with the situation.
Security experts warned that the scope and sophistication of the attack meant it might be impossible to ascertain the full extent of the damage.
Theresa Payton, a former White House chief information officer and chief executive of cyber security consultancy Fortalice Solutions, said the hack presented “a significant challenge” to the incoming Biden administration as officials consider how much data was stolen and what the hackers might want to use the information for.
Experts believe the hack is one of the most sophisticated attacks on the US government since China infiltrated the government agency that holds personnel information, including sensitive data related to the granting of security clearances, for millions of US federal government employees.
SolarWinds said it believed that “fewer than 18,000” of its customers had downloaded the infected software updates.
Earlier this week, Microsoft said the hackers behind the latest attack were able to pose as other users within networks, enabling them to gain access to highly secure accounts.
But SolarWinds has suggested that the breaches they have uncovered relied on manual, customised attacks — meaning the hackers may not have compromised all of those who were exposed. FireEye on Wednesday said it had identified a kill switch that could stop the attackers from continuing to lurk inside networks.