Russia was “quite clearly” behind a devastating cyberattack on several US government agencies that also hit targets around the world, Secretary of State Mike Pompeo said.
Microsoft said late Thursday that it had notified more than 40 customers affected by the malware, which security experts say could allow attackers unlimited network access to key government systems, power grids and other utilities.
“A significant effort was made to use a piece of third-party software to essentially embed code into US government systems,” Pompeo told The Mark Levin Show on Friday.
“This was a very significant effort, and I think it is the case that we can now say quite clearly that it was the Russians who engaged in this activity.”
About 80 percent of the affected customers are in the United States, said Microsoft President Brad Smith in a blog post, with victims also in Belgium, Britain, Canada, Israel, Mexico, Spain and the United Arab Emirates.
“It is certain that the number and location of the victims will continue to grow,” Smith said, reiterating the concern expressed by US officials this week about the serious threat posed by the attack.
“This is not ‘espionage as usual,’ not even in the digital age,” Smith said.
“Instead, it represents a ruthlessness that created a serious technical vulnerability for the United States and the world.”
John Dickson of the security company Denim Group said that many private-sector companies that may be vulnerable are scrambling to strengthen security, even considering rebuilding servers and other equipment.
“Everyone is in injury assessment now because it’s so big,” Dickson said. “It is a serious blow to confidence in both government and critical infrastructure.”
The threat comes from a long-running attack that is believed to have injected malicious software into computer networks through enterprise management software made by Texas-based IT company SolarWinds, and that bears the hallmarks of a nation-state attack.
James Lewis, vice president of the Center for Strategic and International Studies, said the attack could end up being the worst to hit the United States, eclipsing the 2014 hack of U.S. government personnel in a suspected Chinese infiltration.
“The scale is scary. We do not know what has been taken so it is one of the tasks of forensics,” Lewis said.
“We also do not know what has been left. The normal practice is to leave something so that they can come back in the future.”
National Security Agency (NSA) warning
The National Security Agency called for increased vigilance to prevent unauthorized access to important military and civilian systems.
Analysts have said the attacks threaten national security by infiltrating key government systems, while also creating risks for the controls of key infrastructure such as power grids and other utilities.
The US Cybersecurity and Infrastructure Security Agency (CISA) said that authorities, critical infrastructure units and private sector organizations had focused on what it called an “advanced sustained threat actor.”
CISA did not identify who was behind the malware attack, but private security companies pointed the finger at hackers linked to the Russian government.
Pompeo had also suggested Moscow’s involvement on Monday, saying the Russian government had made repeated attempts to breach US government networks.
President-elect Joe Biden expressed “great concern” over the computer breach, while Republican Senator Mitt Romney blamed Russia and criticized what he called “unforgivable silence” from the White House.
Romney likened the cyberattack to a situation in which “Russian bombers have repeatedly flown undetected across our country.”
CISA said the computer intrusion began at least as early as March this year, and the actor behind it had “shown patience, operational security and complicated tradecraft.”
“This threat poses a serious risk,” CISA said Thursday, adding that it “expects it to be very complex and challenging for organizations to remove this threat from endangered environments.”
Hackers have reportedly installed malware in software used by the US Treasury Department and the Commerce Department, allowing them to view internal e-mail traffic.
The Department of Energy, which manages the country’s nuclear arsenal, confirmed that it had also been affected by malware but had disconnected affected systems from its network.
“At this time, the investigation has shown that malware has been isolated only for business networks and has not affected the mission’s essential national security functions in the department, including the National Nuclear Security Administration,” said the agency’s spokeswoman Shaylyn Hynes.
SolarWinds said that up to 18,000 customers, including government agencies and Fortune 500 companies, had downloaded compromised software updates, allowing hackers to spy on email exchanges.
Russia has denied involvement.