In the early days of 2021, three weeks after word of the breach surfaced—and as many Americans were distracted with the holidays, coronavirus pandemic and election fallout—The New York Times reported that more than 250 business and federal agencies were likely affected.
The attack, attributed to Russia, has stoked increasing concerns about how U.S. cybersecurity defenses failed and what vulnerabilities remain for government and private-sector networks. The Kremlin has denied involvement.
Among the latest revelations: the attacks came from servers within the United States, according to FireEye, the cybersecurity firm that first called attention to the breach. Lacking authority to enter private sector networks, the National Security Agency and homeland security would’ve been restricted in their ability to defend against such domestic attacks.
Microsoft has also confirmed that the hackers behind the SolarWinds breach accessed some of the software giant’s source code. Cybersecurity pros told CNBC that the move gives a troubling indication of how vast the cyber attack could be in scope.
The Cybersecurity and Infrastructure Security Agency has still been working to address known vulnerabilities and recommended agencies update their SolarWinds software, as CNN notes. Congressional Democrats and President-elect Joe Biden’s team have been pushing the Trump administration to disclose more about its response to the hacking.
Sen. Mark Warner (D-Va.), the ranking member of the Senate Intelligence Committee, told the Times that the hack looked “much, much worse” than first feared. “The size of it keeps expanding."
Determining the full extent of the damage could take months or even years, according to intelligence officials.