'Russian cyber-attack' has now hit six federal agencies as Pentagon, State Department and National Institutes of Health are revealed as latest hacking targets
The number of federal agencies hacked in a suspected Russian cyber-attack has risen to six after reports that the Pentagon, the State Department and the National Institutes of Health were also targeted.
A Washington Post report said a 'highly sophisticated digital spying operation' had targeted the State Department and NIH, following earlier revelations that the Treasury, Commerce and Homeland Security departments had also been hit.
A separate New York Times report said that parts of the Department of Defense were also affected, citing a US official who said the extent of the damage was unclear.
As many as 18,000 people are thought to have downloaded a Russian-altered software update which gave the hackers access to their computers.
Emails sent by federal officials are known to have been monitored by hackers as part of a sweeping campaign that officials suspect was directed by the Russian government.
Technology company SolarWinds, which was the key stepping stone used by the hackers, said up to 18,000 of its customers had downloaded the compromised software update that allowed hackers to spy unnoticed for nearly nine months.
The United States issued an emergency warning on Sunday, ordering government users to disconnect SolarWinds software which it said had been compromised by 'malicious actors.' Moscow has denied involvement.
The latest agencies revealed as targets of the hacking scheme on Monday have not commented on the alleged cyber-attacks.
'For operational security reasons the DoD will not comment on specific mitigation measures or specify systems that may have been impacted,' a Pentagon spokesman said.
One source said the critical network that the DHS cybersecurity division uses to protect infrastructure, including the recent elections, had not been breached.
DHS is a massive bureaucracy responsible, among other things, for securing the distribution of the Covid-19 vaccine.
The cybersecurity unit there, known as CISA, has been upended by Donald Trump's firing of head Chris Krebs after he contradicted the president's claims of fraud in the November 3 election.
SolarWinds said it believed the attack was the work of an 'outside nation state' that inserted malicious code into updates of its Orion network management software.
'SolarWinds currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000,' it said.
The company did not respond to requests for comment about the exact number of compromised customers or the extent of any breaches at those organisations.
It said it was not aware of vulnerabilities in any of its other products and it was now investigating with help from US law enforcement and outside cybersecurity experts.
SolarWinds boasts 300,000 customers globally, including the majority of the United States' Fortune 500 companies and some of the most sensitive parts of the US and British governments.
These include the White House, the UK and US defense departments and both countries' signals intelligence agencies.
Because the attackers could use SolarWinds to get inside a network and then create a new backdoor, merely disconnecting the network management program is not enough to boot the hackers out, experts said.
For that reason, thousands of customers are looking for signs of the hackers' presence and trying to hunt down and disable those extra tools.
Investigators around the world are now scrambling to find out who was hit.
A British government spokesman said the UK was not currently aware of any impact from the hack but was still investigating.
Three people familiar with the investigation into the hack told Reuters that any organisation running a compromised version of the Orion software would have had a 'backdoor' installed in their computer systems by the attackers.
'After that, it's just a question of whether the attackers decide to exploit that access further,' said one of the sources.
Early indications suggest that the hackers were discriminating about who they chose to break into, according to two people familiar with the wave of corporate cybersecurity investigations being launched Monday morning.
'What we see is far fewer than all the possibilities,' said one person. 'They are using this like a scalpel.'
FireEye, a prominent cybersecurity company that was breached in connection with the incident, said in a blog post that other targets included 'government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East.'
'If it is cyber espionage, then it is one of the most effective cyber espionage campaigns we've seen in quite some time,' said John Hultquist, FireEye's director of intelligence analysis.