US authorities have expressed increased alarm about an intrusion into US and other computer systems around the globe that officials suspect was carried out by Russian hackers.
The nation’s cybersecurity agency warned of a “grave” risk to government and private networks, after federal agencies and “critical infrastructure” were hacked in a sophisticated attack.
The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet the intrusion had compromised federal agencies as well as “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo.
CISA did not say which agencies or infrastructure had been breached or what information taken in an attack that it previously said appeared to have begun in March.
The Department of Energy acknowledged in a separate statement that it was among those that had been hacked.
“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” the agency said in its unusual alert.
“CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.”
The hack, if authorities can indeed prove it was carried out by a nation such as Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.
Mr Trump, whose administration has been criticised for eliminating a White House cybersecurity adviser and playing down Russian interference in the 2016 presidential election, has made no public statements about the breach.
President-elect Joe Biden said he would make cybersecurity a top priority of his administration but stronger defences were not enough.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said.
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.
“There’s a lot we don’t yet know, but what we do know is a matter of great concern.”
The cybersecurity agency previously said the perpetrators had used network management software from Texas-based SolarWinds to infiltrate computer networks. Its new alert said the attackers may have used other methods as well.
At the weekend, amid reports the Treasury and Commerce departments were breached, CISA directed all civilian agencies of the federal government to remove SolarWinds from their servers. The cybersecurity agencies of Britain and Ireland issued similar alerts.
A US official previously told The Associated Press that Russia-based hackers were suspected but neither CISA nor the FBI has publicly said who is believed to be responsible.
Another US official said the hack was severe and extremely damaging, although the administration was not yet ready to publicly blame anyone for it.
“This is looking like it’s the worst hacking case in the history of America,” the official said. “They got into everything.”
At the Department of Energy, the initial investigation revealed that malware injected into its networks via a SolarWinds update was found only on its business networks and had not affected national security operations, including the agency that manages the nation’s nuclear weapons stockpile.
It said vulnerable software was disconnected from the DOE network to reduce any risk.
The intentions of the perpetrators appear to be espionage and gathering information rather than destruction, according to security experts and former government officials.