The SolarWinds attack affected about 100 private companies and nine government agencies were launched from inside the United States, a top White House official told reporters. The US government has published renewed terms on the number of companies and federal agencies it considers were affected by the recent SolarWinds hack. “As of today, 9 federal agencies and about 100 private sector companies were compromised,” said deputy national security advisor Anne Neuberger in a briefing, though she refused to take the name of specific organizations. Although the hack was “likely of Russian origin,” Neuberger said the hackers launched their attack from inside the US. The most advanced forms shown are lower than the 250 federal agencies and businesses that were previously reported to have been infected, though Neuberger cautioned that the investigation is still in its “beginning stages” and that “additional compromises” may be found. Inappropriate, the technology firms settled on give hackers possible spaces for future attacks. Up to 18,000 SolarWinds customers are thought to have originally received the malicious code, though hackers did not attempt to gain additional access to all of them.
“As of today, 9 federal agencies and about 100 private sector companies were compromised”
The government believes it is still in the beginning stages of understanding the scope of the attack and said that the number of affected victims could grow as it uncovers more of the plot.
The hack ingeniously came to light late last year, when it appeared that hackers had to agree on SolarWinds’ monitoring and management software, which is used by multiple government agencies and Fortune 500 companies, Bloomberg notes. Companies including Intel, Nvidia, Cisco, Belkin, and VMWare have all reportedly seen computers on their networks infected, as well as the US Treasury, Commerce, State, Energy, and Homeland Security departments.
The range of the attack means that it may be many months before the government completes its investigation. As part of the process, Neuberger said the government is planning an executive action to fix the security problems identified, and that “discussions are underway” about how to respond to the perpetrator.