US federal authorities have expressed increased alarm about a long-undetected intrusion into US and other computer systems around the globe.
Officials suspect the cyber attack, which is said to have lasted for months, was carried out by Russian hackers but have not made the allegation publicly.
“Critical infrastructure” was targeted in a sophisticated attack that was hard to detect and will be difficult to undo, the national cybersecurity agency said, warning of a “grave” risk to government and private networks.
Officials from the Cybersecurity and Infrastructure Security Agency (CISA) did not elaborate further. Homeland Security, the agency’s parent department, defines such infrastructure as any “vital” assets to the US or its economy, a broad category that could include power plants and financial institutions.
The Department of Energy acknowledged it was among those that had been hacked. It has claimed, however, that national security operations have not been affected, including the agency that manages the nation’s nuclear weapons stockpile.
The attack — revealed last weekend by Californian cybersecurity company FireEye, which was also targeted — was consistent with “state-sponsored” action, the firm said.
’40 organisations infiltrated’
Microsoft, which has helped respond to the breach, revealed late Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organisations and IT companies infiltrated by the hackers.
It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” the tech giant said in a blog post.
CISA previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods, as well.
Over the weekend, amid reports that the Treasury and Commerce departments were breached, CISA directed all civilian agencies of the federal government to remove SolarWinds from their servers. The cybersecurity agencies of Britain and Ireland issued similar alerts.
‘Worst hacking case in US history’
A US official previously told The Associated Press that Russia-based hackers were suspected, but neither CISA nor the FBI has publicly said who is believed to be responsible. Asked whether Russia was behind the attack, the official said: “We believe so. We haven’t said that publicly yet because it isn’t 100% confirmed.”
Another US official, speaking Thursday on condition of anonymity to discuss a matter that is under investigation, said the hack was severe and extremely damaging although the administration was not yet ready to publicly blame anyone for it.
“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
The attack, if authorities can prove it was carried out by Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.
Trump, whose administration has been criticised for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.
President-elect Joe Biden, who inherits a thorny US-Russia relationship, spoke forcefully about the hack, declaring that he and Vice President-elect Kamala Harris “will make dealing with this breach a top priority from the moment we take office.”
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said.
Asked about Russian involvement in a radio interview Monday, Secretary of State Mike Pompeo acknowledged that Russia consistently tries to penetrate American servers, but quickly pivoted to threats from China and North Korea.
Democratic Senators Dick Durbin and Richard Blumenthal, who were briefed Tuesday on the hacking campaign in a classified Armed Services Committee session, were unequivocal in blaming Russia.
Speaking earlier this week, Kremlin spokesman Dmitry Peskov denied Russian involvement.