The first word that hackers had carried out a highly sophisticated intrusion into U.S. computer networks came on Dec. 8, when the cybersecurity firm FireEye announced it had been breached and some of its most valuable tools had been stolen.
“We escalated very quickly from the moment I got the first briefing that, ‘Hey, we have a security incident of some magnitude,’ ” FireEye CEO Kevin Mandia told All Things Considered co-host Mary Louise Kelly. “My gut was telling me it was something we needed to put people on right away.”
Mandia was right. Within days, the scope of the hack began to emerge.
Multiple U.S. agencies were successfully targeted, including the departments of State, Treasury, Commerce, Energy and Homeland Security as well as the National Institutes of Health.
The hackers attached their malware to a software update from Austin, Texas-based company SolarWinds, which makes software used by many federal agencies and thousands of private companies to monitor their computer networks.
The SVR, Russia’s foreign intelligence agency, is considered the most likely culprit, according to Secretary of State Mike Pompeo and some members of Congress who have been briefed by…