Thomas Bossert, former Homeland Security adviser to President Trump, in a Wednesday op-ed said there is evidence that Russia is to blame for what he called a "brazen" cyberattack on software company SolarWinds through cybersecurity company FireEye.
On Sunday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the foreign cyberattack involving SolarWinds Orion products, which is now under FBI investigation, and directed all federal agencies to inspect their networks.
A U.S. official told the Associated Press that Russia is a suspect in the attack that began as early as March. Russia denies any involvement.
"Last week, the cybersecurity firm FireEye said it had been hacked and that its clients, which include the United States government, had been placed at risk. This week, we learned that SolarWinds, a publicly traded company that provides software to tens of thousands of government and corporate customers, was also hacked," Bossert wrote.
He added later that he suspected the attack was the "product of a nation-state," saying that "evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world."
Bossert went on to say that he believes it will take years to know which networks Russian hackers have complete control over and which ones they merely occupy.
"The Russians have had access to a considerable number of important and sensitive networks for six to nine months," he wrote. "The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call 'persistent access,' meaning the ability to infiltrate and control networks in a way that is hard to detect or remove."
The Department of Defense said Thursday it has found "no evidence of compromise" in its information network.
"We continue to assess our DOD Information Network for indicators of compromise and take targeted actions to protect our systems beyond the defensive measures we employ each day," said Vice Admiral Nancy Norton, director of the Defense Information Systems Agency. "To date, we have no evidence of compromise of the DODIN. We will continue to work with the whole-of-government effort to mitigate cyber threats to the nation."
For those targets that Russians now control, hackers will be able to alter or destroy data and impersonate employees, the former Homeland Security adviser said.
About 33,000 companies use SolarWinds Orion products, according to the software company, which estimates that about 18,000 companies were directly impacted by the hack.
"SolarWinds…has been made aware of a cyberattack that inserted a vulnerability within its Orion monitoring products which, if present and activated, could potentially allow an attacker to compromise the server on which the Orion products run," SolarWinds said in a Monday SEC filing.
The statement continued: "SolarWinds has retained third-party cybersecurity experts to assist in an investigation of these matters, including whether a vulnerability in the Orion monitoring products was exploited as a point of any infiltration of any customer systems, and in the development of appropriate mitigation and remediation plans."
U.S. federal agencies including the Departments of the Treasury, Commerce, State, Homeland Security and elements of the Defense Department have been compromised as of Thursday.
Fox News' Lucas Tomlinson contributed to this report.