US intelligence agencies have said they believe Russia was behind the “serious” cyber compromise revealed in December.
President Trump had previously suggested China might have been behind the hack, although other members of his administration had pointed the finger at Moscow.
In a joint statement, the intelligence bodies say they currently believe fewer than 10 US government agencies saw their data compromised, although other organisations outside of government were also affected.
They say work is still going on to understand the scope of the incident, which appears to have been aimed at gathering intelligence and which they say is “ongoing” a month after details first emerged.
The update on the investigation came in a statement from a task force called the Cyber Unified Coordination Group which was set up to deal with the incident. It comprises intelligence and law enforcement agencies including the FBI and NSA.
The group said it was still working to understand the scope of what had taken place.
Eighteen thousand customers who used Orion product from the company Solar Winds were exposed but US intelligence says it believes a much smaller number saw follow-on activity from the hackers in which they stole data. The US Treasury was among those which previously acknowledged being targeted.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the statement said. Many organisations are having to scour their systems for signs that they may have been compromised.
The incident sent shockwaves across the US partly because the breach was undiscovered for many months and was potentially far-reaching in terms of who it might have affected. It also suggested a degree of sophistication and stealth which was widely seen as a trademark of hackers from the SVR, Russia’s foreign intelligence agency.