Extra Hacking Assaults Discovered, Officers Warn of Threat to U.S. Authorities
President Trump has not yet said anything about the attack.
Microsoft reiterated the government’s warning and announced on Thursday that it had identified 40 companies, government agencies and think tanks that at least the alleged Russian hackers had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms like FireEye, tasked with securing large swaths of the public and private sectors.
“It’s early days, but we’ve already identified 40 victims – more than anyone else has reported – and believe that number should increase significantly,” said Brad Smith, president of Microsoft, in an interview on Thursday. “There are more non-government victims than government victims, with an emphasis on IT companies, especially in the security industry.”
The Department of Energy and its National Nuclear Security Administration, which maintains US nuclear supplies, were compromised as part of the larger attack. However, the investigation found that the hack had no impact on “mission-critical national security functions,” a Department of Energy spokeswoman Shaylyn Hynes said in a statement.
“At this point, the investigation showed that the malware was only isolated for corporate networks,” said Ms. Hynes. The nuclear agency hack was previously reported by Politico.
Officials have not yet publicly named the attacker responsible, but intelligence agencies have told Congress that they believe it was carried out by the SVR, an elite Russian intelligence agency. A Microsoft “heat map” on infections shows that the vast majority – 80 percent – are in the US, while Russia has no infections at all.