The number of federal agencies and private companies who learn that they have been affected by a massive Russian hack is expected to grow as the investigation into it continues, the U.S. government’s chief counterintelligence official said Tuesday.
The FBI and other agencies last week attributed the intrusions to Russia as part of what officials described as an intelligence-gathering operation rather than an effort to damage or disrupt U.S. government operations. U.S. officials said at the time that fewer than 10 federal agencies were believed to have been compromised “by follow-on activity on their systems.”
William Evanina, the director of the U.S. National Counterintelligence and Security Center, said in a live-stream Washington Post interview that he expected to see a “growth” in the number of victims.
Continuous Updates: Everything You Need to Know About the SolarWinds Attack
So far, the list of agencies known to have been affected includes the Treasury, Commerce and Justice departments, among others.
“I think this will expand accordingly as we identify” additional victims, Evanina said. “I think the hard part for the investigators is we don’t know what we don’t know, but I think this will continue to grow.”
The hacking campaign was extraordinary in scale, with the intruders having stalked through government agencies, defense contractors and telecommunications companies for months by the time it was discovered. Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, though the scope of the breaches and exactly what information was sought is unknown.
An estimated 18,000 organizations were affected by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.
On Monday, SolarWinds said its investigation found evidence the campaign began in September 2019, with the hackers injecting test code that month. The hackers’ patience was impressive. The malicious code that allowed backdoors to be surreptitiously opened on SolarWinds customers had been hidden in an upgrade by the end of February that was delivered to clients beginning the next month.
It would not be discovered for another nine months.
Related: New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds
Related: Investigation Launched Into Role of JetBrains Product in SolarWinds Hack
Related: SolarWinds Taps Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos
