The number of federal agencies and private companies who learn that they have been affected by a massive Russian hack is expected to grow as the investigation into it continues, the U.S. government’s chief counterintelligence official said Tuesday.
The FBI and other agencies last week attributed the intrusions to Russia as part of what officials described as an intelligence-gathering operation rather than an effort to damage or disrupt U.S. government operations. U.S. officials said at the time that fewer than 10 federal agencies were believed to have been compromised “by follow-on activity on their systems.”
William Evanina, the director of the U.S. National Counterintelligence and Security Center, said in a live-stream Washington Post interview that he expected to see a “growth” in the number of victims.
Continuous Updates: Everything You Need to Know About the SolarWinds Attack
So far, the list of agencies known to have been affected includes the Treasury, Commerce and Justice departments, among others.
“I think this will expand accordingly as we identify” additional victims, Evanina said. “I think the hard part for the investigators is we don’t know what we don’t know, but I think this will continue to grow.”
The hacking campaign was extraordinary in scale, with the intruders having stalked through government agencies, defense contractors and telecommunications companies for months by the time it was discovered. Experts say that gave the foreign agents ample time to collect data that could be highly damaging to U.S. national security, though the scope of the breaches and exactly what information was sought is unknown.
An estimated 18,000 organizations were affected by malicious code that piggybacked on popular network-management software from an Austin, Texas, company called SolarWinds.
On Monday, SolarWinds said its investigation found evidence the campaign began in September 2019, with the hackers injecting test code that month. The hackers’ patience was impressive. The malicious code that allowed backdoors to be surreptitiously opened on SolarWinds customers had been hidden in an upgrade by the end of February that was delivered to clients beginning the next month.
It would not be discovered for another nine months.
Related: New Zero-Day, Malware Indicate Second Group May Have Targeted SolarWinds
Related: Investigation Launched Into Role of JetBrains Product in SolarWinds Hack
Related: SolarWinds Taps Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos
More from Associated Press
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
- South Dakota’s Noem Says Cell Phone Number Hacked
- Learning to Lie: AI Tools Adept at Creating Disinformation
- Microsoft Invests Billions in ChatGPT-Maker OpenAI
- Mississippi Creates New Cyber Unit, Names 1st Director
- FBI Chief Says He’s ‘Deeply concerned’ by China’s AI Program
- Ransomware Shuts Hundreds of Yum Brands Restaurants in UK
- EU’s Breton Warns TikTok CEO: Comply With New Digital Rules
Latest News
- Critical Vulnerability Impacts Over 120 Lexmark Printers
- BIND Updates Patch High-Severity, Remotely Exploitable DoS Flaws
- Industry Reactions to Hive Ransomware Takedown: Feedback Friday
- Microsoft Urges Customers to Patch Exchange Servers
- Iranian APT Leaks Data From Saudi Arabia Government Under New Persona
- US Reiterates $10 Million Reward Offer After Disruption of Hive Ransomware
- Cyberattacks Target Websites of German Airports, Admin
- US Infiltrates Big Ransomware Gang: ‘We Hacked the Hackers’
