WASHINGTON — The government’s cybersecurity agency is expressing increased alarm about a hack of computer systems in the U.S. and around the globe that officials suspect was carried out by Russia.
The cybersecurity unit of the Department of Homeland Security says the hack “poses a grave risk” to the U.S. government and state and local governments as well as critical infrastructure and private business.
The Cybersecurity and Infrastructure Security Agency announced the SolarWinds Orion vulnerability that was disclosed this week as the compromised piece of software, was not the only way that hackers were able to get into government agencies, private companies and critical infrastructures over the last several months.
"CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations," the alert issued by the agency said. "CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."
The U.S. Energy Department is the latest government unit to announce they had systems compromised in the hack.
The department says the impact of the hack appears to be “isolated to business networks” and "has not impacted the mission essential national security functions of the Department, including the National Nuclear Security Administration (NNSA)," which manages the country’s stockpile of nuclear weapons.
It’s not just government agencies, Microsoft is reporting in a blog post more than 40 customers around the world appear to have been targeted in the hack.
The hack creates a fresh foreign policy problem for President Donald Trump in his final days in office.
President Trump has not made public comments regarding the hack, or the government’s response to Russia or whoever may be responsible. A White House senior official told CNN Trump was briefed on the hack by his top intelligence officials on Thursday.
President-elect Joe Biden has also received briefings on the hack and released a statement.
"Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation," Biden said, making no specific mention of Trump or his administration, but also not naming Russia as the culprit.
President-elect Joe Biden says his new administration “will make dealing with this breach a top priority from the moment we take office.”