The US government has released updated figures on how many companies and federal agencies it believes have been affected by the recent SolarWinds hack.
The US government’s investigation into the SolarWinds hack will likely take at least several months, according to a White House cybersecurity official, speaking in the Biden administration’s first public assessment of the severity of a suspected Russian spying campaign.
Anne Neuberger, a deputy national security advisor, said: Press briefing: At least nine federal agencies have been specifically targeted by the hacking process. At least 100 private sector companies have been hacked, but they have refused to name specific organizations.
Although the breach was likely to be Russian, Neuberger said: The hackers launched their attack from inside the United States.
The most recent numbers disclosed represent fewer than 250 companies and federal agencies previously reported as infected, despite Neuberger’s warning that the investigation is still in its early stages and that additional breaches may be found.
This vulnerability gave hackers an opportunity to launch highly customized attacks aimed at penetrating specific targets of interest.
Up to 18,000 SolarWinds customers are believed to have received the malicious code, although the hackers have not attempted to gain additional access to all of them.
The hack originally surfaced late last year, when it emerged that hackers had compromised SolarWinds’ monitoring and management software, which is used by many government agencies and companies.
It was reported that companies, including Intel, Nvidia, Cisco, Belkin and VMWare, had seen infected computers across their networks, and the ministries of Agriculture, Trade, Energy, Homeland Security, Justice and Treasury were also affected by the breach.
The federal judiciary and the US Postal Service are also investigating whether they have been compromised.
It remains unclear what data the hackers have accessed, although the Ministry of Justice said that nearly 3 percent of its email accounts were hacked.
The size of the attack means that several months may pass before the government completes its investigation, and as part of this process, Neuberger said: The government plans to take upcoming implementation measures to address the security flaws that the investigation has revealed so far.Discussions are ongoing about how to respond to the perpetrator.
Newberger’s comments come amid questions from US lawmakers and policy analysts about who is leading the government’s response in the Biden administration to the breach, especially as key positions remain vacant, including director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.