This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
The FBI and other agencies investigating an extensive cyberattack on U.S. government computer networks will brief members of Congress on December 18 about the intrusion, which officials suspect was carried out by Russian hackers.
The meeting comes as federal authorities expressed heightened alarm about the intrusion and as Microsoft and the U.S. Department of Energy added themselves to the list of entities affected.
The U.S. government’s top cybersecurity agency on December 17 issued its most urgent warning yet about the cyberattack, saying it posed a “grave risk” to computer networks maintained by governments, utilities, and the private sector and could be difficult to purge.
The Cybersecurity and Infrastructure Security Agency (CISA) said on December 17 that removing the malware from compromised systems “will be highly complex and challenging for organizations.”
U.S. cybersecurity officials have not officially blamed Russia, but some members of Congress have. The cyberattack was first reported on December 13 in news reports that quoted unidentified U.S. officials as saying Russia-based hackers were suspected.
The CISA alert noted that the attack came from “a patient, well-resourced, and focused adversary” that engaged in “operational security and complex tradecraft.”
Russia’s U.S. Embassy has denied any involvement, saying in a statement on December 14 that Russia “does not conduct offensive operations in the cyber domain.”
The Department of Homeland Security, the Treasury Department, and the Commerce Department were among those affected in the attack, according to media reports, quoting unidentified officials with knowledge of the cyberattack.
The Department of Energy acknowledged on December 17 that it was among those that had been hacked. The department includes the agency that manages the country’s nuclear weapons stockpile.
Microsoft said on December 17 that it found malicious software in its systems related to the hacking campaign. The company is a customer of SolarWinds, the U.S. software company whose network management software was compromised.
“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said, according to Reuters.
The spokesperson said the company had found no indications that its systems were used to attack others.
Microsoft said most of the compromised customers are in the United States, with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel, and the United Arab Emirates.
U.S. President-elect Joe Biden called the cyberattack a “great concern” and promised to impose “substantial costs” on the perpetrators.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said in a statement on December 17. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
Biden said his incoming administration is working with the government agencies that were affected to learn all it can about the attack.