UPDATED 8:43 AM PT – Friday, December 18, 2020
Government agencies are on high alert as officials report more victims in a massive hacking operation that may have ties to the Russian government. Security experts are calling it the biggest hack in a decade.
New reports have revealed more U.S. companies and government entities were implicated in a widespread data breach that appeared to target American software firm SolarWinds.
Microsoft, the U.S. Energy Department and the National Nuclear Security Administration, which oversee the nation’s nuclear weapon stockpile, were all reportedly targeted in the breach. Around 18,000 companies that use SolarWinds products were also affected.
White House Press Secretary Kayleigh McEneny said government agencies were made aware of the issue earlier in the week, but that evidence suggests the operation has gone on since March. She warned all federal civilian agencies that they may have been affected.
“CISA (Cybersecurity & Infrastructure Security Agency) has issued an emergency directive on Sunday night for all federal civilian agencies to review their networks for indicators of compromise and disconnect or to power down SolarWinds Orion products immediately,” she announced. “So, we are taking a hard look on this and obviously take any sort of cyber attacks very seriously.”
A Thursday bulletin posted by the Department of Homeland Security revealed hackers were able access and manipulate sensitive government data by exploiting updates to software created by SolarWinds.
A spokeswoman from the Energy Department said, so far, the breach doesn’t appear to present any imminent threats to national security.
According to CISA, the cybersecurity wing of the NSA, hackers are currently known to have at least monitored emails from the Treasury, State, Commerce and Homeland Security Departments as well as parts of the Defense Department.
In a Wednesday op-ed, former Homeland Security adviser Thomas Bossert said evidence suggests the Russia Foreign Intelligence Service is likely behind the effort.
President Trump reportedly received a briefing on the hack Thursday.
Meanwhile, the House Homeland Security and House Oversight Committees have launched an investigation and the FBI has scheduled a classified briefing with members of Congress on Friday to discuss what they know about the breach so far.