Several weeks after a spectacular hacking attack on numerous US authorities and companies became known, the attack has apparently still not completely stopped. The attack is ongoing, the FBI, the federal police agency, and the NSA, the signals intelligence agency, said in a joint statement.
At the same time, the investigators have apparently found further evidence of who could be behind the so-called SolarWinds hack. “Presumably” Russian hackers were at work, the authorities said. According to the statement, the aim of the intrusion into the networks was to collect information.
The large-scale attack was uncovered by the IT security company FireEye, which was itself a target of the hackers. The attackers had gained access to the networks using maintenance software from SolarWinds, which was used in many places, and had remained undetected for months.
While a total of around 18,000 SolarWinds customers were affected, not all of them subsequently saw suspicious activity on their networks, the statement said. Among them were fewer than ten US government agencies.
According to initial findings, the US Treasury Department and the State Department as well as the Department of Energy and its subordinate National Nuclear Security Administration (NNSA), the latter administering the US nuclear arsenal, were affected.
Trump refuted by his own authorities
With the assessment that Russian actors were behind the hack, the authorities clearly contradicted statements by the outgoing US President Donald Trump. After the attack became known, he claimed without evidence that China was also a possible originator.
IT security experts, however, had been convinced of the Russian trail from the start, and Secretary of State Mike Pompeo and Attorney General William Barr, who has since left office, had expressed similar views.
Microsoft, which had also discovered the malware in its systems, spoke after the hack of a “broad and successful attack on confidential information of the US government and on the technical tools that are supposed to protect it.”
Given the immense size of the attack, experts had spoken of a possibly historic incident. The scope of the hack also gave cause for hope. “No attacker has enough human resources for each of the potential victims,” wrote Dmitri Alperovitch, former head of technology at the IT security company CrowdStrike, after the incident.