Olivier Douliery/AFP via Getty Images
Updated at 3:30 a.m. ET
A U.S. cybersecurity agency said Wednesday that the far-reaching attack into the IT management company SolarWinds discovered earlier this month has infected more systems than previously thought.
The U.S. Cybersecurity and Infrastructure Security Agency, also known as CISA, said Wednesday that the hack not only affected key federal agencies, but also computer systems used by state and local governments, critical infrastructure entities and other private sector organizations.
There is also evidence that other networking software may have been compromised, CISA said. The cybersecurity agency said it is investigating signs of abuse of Security Assertion Markup Language (SAML) tokens as well. SAML tokens are complex password handlers that allow different programs to communicate, allowing for one single log-in to access various services.
The hackers attached malware to a software update for SolarWinds’ Orion system, which is used by many federal agencies and thousands of companies worldwide to monitor their computer networks. It’s known that the hack has so far infected several computer systems within the U.S. government, including at the departments of Treasury, Commerce, and Energy. Microsoft has said at least 40 of its customers were also affected by the hack.
CISA said that the agency is “tracking a significant cyber incident” having an impact on networks across federal, state, and local governments. The message shared by CISA on Wednesday didn’t detail which local governments or other entities may have been affected by the malware and details remain scarce.
“This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked,” CISA said in its message posted online.
Russia’s foreign intelligence service, the SVR, is believed to have carried out the hack. Kremlin officials have denied this charge.
Reuters has previously reported that Pima County, Arizona was among the targets of the attack.
SolarWinds says that nearly 18,000 of its customers received the software update that included the malware from March to June of this year.