Widespread U.S. government cyberattack expands in scope

Federal officials have attributed the cyberoffensive to Russia.


Federal officials say that a recent string of cyberattacks against government systems has been linked to Russia and poses "a grave risk to the federal government." It emerged earlier this week that, among other targets, hackers penetrated the Department of Energy and the National Nuclear Security Administration, which oversees the U.S. nuclear weapons stockpile. Which is worrying, to say the least.

A huge attack — The scope of the hacks has become both clearer and more troublesome in recent days, and now appears to reach far beyond the three agencies where suspicious activity was first identified. Microsoft said Thursday it identified at least 40 companies, government agencies, and think tanks that have been infiltrated by suspected Russian hackers. While more than half of the victims appear to be private companies, many of them are IT companies in the security industry, like SolarWinds, which provide software to government agencies.

Though the agency that oversees American nuclear weapons was compromised, officials say that hackers did not gain access to functions that would allow them to disrupt or trigger any weapons. Instead, they planted malware in software from SolarWinds that allows firms to monitor critical network infrastructure.

Microsoft worked in collaboration with cybersecurity firm FireEye to cut off communication between SolarWinds network management software and the server that the allegedly Russian hackers were using to send instructions to their malware.

New age warfare — Nonetheless, other software used by the U.S. government is believed to also have been infected and accessed by foreign spies, and investigators are still trying to unravel the extent of the breach. The real risk is that, being so close to critical infrastructure, hackers could ultimately use their access to disrupt critical American data systems or corrupt data on them.

Last month, Microsoft said it had linked Russian-backed hacking groups to a string of attacks on organizations working on a coronavirus vaccine. More insidious cyberattacks have been used by North Korea in recent years to take control of hospital networks for ransom, a crucial source of funds to further its nuclear weapons program.

Experts have warned for years about the potential for hackers to disrupt U.S. infrastructure. Cyberattacks are increasingly a way North Korea, Russia, and other adversaries show force in a way they can't with nuclear weapons. The nature of internet-based attacks makes them harder to attribute to a specific country.