A massive computer breach allowed hackers to spend months exploring numerous U.S. government networks and private companies’ systems around the world. Industry experts say a country mounted the complex hack — and government officials say Russia is responsible.
The hackers attached their malware to a software update from SolarWinds, a company based in Austin, Texas. Many federal agencies and thousands of companies worldwide use SolarWinds’ Orion software to monitor their computer networks.
SolarWinds says that nearly 18,000 of its customers — in the government and the private sector — received the tainted software update from March to June of this year.
Here’s what we know about the attack:
Who is responsible?
Russia’s foreign intelligence service, the SVR, is believed to have carried out the hack, according to cybersecurity experts who cite the extremely sophisticated nature of the attack. Russia has denied involvement.
President Trump has been silent about the hack and his administration has not attributed blame. However, U.S. intelligence agencies have started briefing members of Congress, and several lawmakers have said the information they’ve seen points toward Russia.
Included are members of the Senate Armed Services Committee, where Chairman James Inhofe, a Republican from Oklahoma, and the top Democrat on the panel, Jack Reed of Rhode Island, issued a joint statement Thursday saying “the cyber intrusion appears to be ongoing and has the hallmarks of a Russian intelligence operation.”
After several days of saying relatively little, the U.S. Cybersecurity and Infrastructure Security Agency on Thursday delivered an ominous warning, saying the hack “poses a grave risk” to federal, state and local governments as well as private companies and organizations.
In addition, CISA said that removing the malware will be “highly complex and challenging for organizations.”
The episode is the latest in what has become a long list of suspected Russian electronic incursions into other nations under President Vladimir Putin….