Russian hackers have been accused of ‘hacking Microsoft and infiltrating the US nuclear weapons stockpile’ as thousands of firms were breached over nine months.
The malware that breached poses a ‘grave threat’ to United States was “isolated to business networks only and has not affected US national security,” an Energy Department spokeswoman has revealed.
Hackers used various hacking techniques, including the corruption of updates of network management software by SolarWinds.
The SolarWinds hack may have impacted thousands of companies and government agencies, the DHS revealed.
According to CISA, not all networks were hacked, but everyone should take the hack as no one is safe – even if the organizations used older versions of the SolarWinds software.
The actually damage of the cyber attack may take years to assess, experts said.
The client list for SolarWinds is broad and has included “425 of the companies listed on the Fortune 500 as well as the top 10 telecom operators in the United States,” according to the Verge.
Top senators on the Armed Services Committee reportedly on Thursday said the “ongoing” attack had “the hallmarks of a Russian intelligence operation” on Thursday after the FBI confirmed the multi-department hack.
The Department of Energy (DOE) and National Nuclear Security Administration have proof that their networks were accessed by hackers, officials an American political journalism company.
The networks of the NNSA and DOE, which sustain the nuclear weapons stockpile for the United States, were also hacked during the “extensive espionage operation.”
Meanwhile, the feds said it had formed a task force to address the hacking issue before it emerged today that Microsoft was also compromised.
Sources told Reuters that the tech giant was targeted, alongside government agencies, using software from SolarWinds Corp.
The hackers reportedly used Microsoft products to then further their cyber attacks as they took advantage of the widespread use of the SolarWinds.
The major breach has reportedly impacted at least six federal agencies.
Although officials revealed that “evidence of highly malicious activity” was found, more information has yet to be revealed.
The insidious attack was in the works as early as March 2020 but went undetected until FireEye, a security firm, reported that hackers had penetrated its network last week.