According to network records and security sources, suspected Russian hackers who broke into U.S. government agencies also monitored some less high-profile organizations, including organizations in the United Kingdom, Internet providers in the United States, and a county government in Arizona.
More details emerged on Friday about the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage, as a senior official in the outgoing administration of U.S. President Donald Trump explicitly acknowledged Russia’s role in the hack for the first time.
Secretary of State Mike Pompeo said on the Mark Levin radio show, “I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity.”
Networking gear maker Cisco Systems Inc said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company’s ongoing probe said fewer than 50 were compromised.
In Britain, a small number of organizations were compromised, none of them in the public sector, a security source said.
Shares in cyber security companies FireEye Inc, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.
Reuters identified Cox Communications Inc and the government of Pima County in Arizona as victims of the intrusion by running a publicly available script from researchers at Kaspersky, a private cybersecurity company based in Moscow. The hackers hijacked the ubiquitous network management software produced by SolarWinds Corp. Kaspersky decrypted online Web records left by the attackers.
Reuters first disclosed the breaches of U.S. government agencies on Sunday, which touched the Department of Homeland Security, Treasury, State Department and Energy Department. Cyber security experts say that in some cases the breaches involved monitoring emails, but it is not clear what the hackers did once they had penetrated the networks.
Trump has not said anything publicly about the intrusion. White House spokesperson Brian Morgenstern told reporters that Trump was informed of the situation “as needed.” He said that National Security Adviser Robert O’Brien presides over inter-agency meetings every day, if not more frequently.
“They’re working very hard on mitigation and making sure that our country is secure. We will not get into too many details because we’re just not going to tell our adversaries what we do to combat these things,” Morgenstern said.
Senior U.S. officials said that it has not yet been determined how to respond or who is responsible.
SolarWinds revealed its unwilling role at the center of global hacking attacks on Monday. The company said that as many as 18,000 users of its Orion software downloaded infected updates containing malicious code implanted by attackers. SolarWinds said in its regulatory disclosure that the attack was considered the work of an “external country.”
People familiar with the matter have said the hackers were believed to be working for the Russian government. Kremlin spokesman Dmitry Peskov dismissed the allegations.