US intelligence and security agencies have warned that the cyberattack on the government and companies that came to light last weekend was “underway” as Washington delves into the extent of the damage.
The FBI, the director of the national intelligence agency and the Cybersecurity and Infrastructure Security Agency, said in a statement that they had formed a task force to respond to the sophisticated attack, which they described as a “significant and ongoing cybersecurity campaign.”
“This is an evolving situation, and while we continue to work to understand the full scope of this campaign, we know that this compromise has impacted networks within the federal government,” the agencies said.
Cybersecurity experts are trying to determine the extent of the damage done by the attack, which lasted for months until it was discovered by FireEye, a cybersecurity company that was also a victim of the hacking campaign.
The hackers began inserting malware into software updates in March that SolarWinds, an IT company, sent to government and private sector customers who use their Orion software to manage their networks.
FireEye, SolarWinds, and some US officials have blamed hackers for the breach. Mike Pompeo, Secretary of State, appeared to mention Russia in his answer to a question about the hack on Monday, saying Moscow had made “consistent” efforts to penetrate the US government and private sector networks.
Richard Blumenthal, Democratic senator from Connecticut, also pointed to Russia on Wednesday after he and other members of Congress received a secret briefing from intelligence officials about the hack.
“Today’s secret briefing on the Russian cyber attack made me deeply alarmed, in fact downright scared,” Mr Blumenthal wrote on Twitter. “Americans deserve to know what’s going on. Clear the classification of what is known and unknown. “
Robert O’Brien, the White House national security adviser, aborted a trip to Europe on Tuesday to return to Washington to address the situation.
Security experts warned that the scale and sophistication of the attack would make it impossible to determine the full extent of the damage.
Theresa Payton, former White House Chief Information Officer and CEO of cybersecurity consultancy Fortalice Solutions, said the hack posed “a significant challenge” to the incoming Biden administration as officials consider how much data has been stolen and what the hackers would like to use. the information for.
Experts believe the hack is one of the most sophisticated attacks on the US government since China infiltrated the government agency that stores personnel information, including sensitive data related to the granting of security clearances, for millions of US federal employees.
SolarWinds said it believed “less than 18,000” of its customers had downloaded the infected software updates.
Earlier this week, Microsoft said the hackers behind the latest attack could impersonate other users within networks, allowing them to access highly secure accounts.
But SolarWinds has suggested that the breaches they discovered are based on manual, custom attacks – meaning the hackers may not have compromised everyone who was exposed. FireEye said on Wednesday that it had identified a kill switch that could prevent the attackers from lurking in networks.
To follow Demetri Sevastopulo and Hannah Murphy on Twitter
Daily newsletter
#techFT brings you news, commentary, and analysis about the major companies, technologies and issues shaping these fastest growing industries from specialists around the world. Click here to get #techFT in your inbox.