Suspected Russian hackers who broke into US government agencies also spied on less high-profile organisations, including groups in Britain, a US internet provider and a county government in Arizona, according to web records and a security source.
Subscribe now for unlimited access.
or signup to continue reading
More details were revealed on Friday of the cyber espionage campaign that has computer network security teams worldwide scrambling to limit the damage.
US Secretary of State Mike Pompeo told a radio show the intrusion appeared to come from Russia.
"I think it's the case that now we can say pretty clearly that it was the Russians that engaged in this activity," he told the Mark Levin show.
Networking gear maker Cisco Systems said a limited number of machines in some of its labs had been found with malicious software on them, without saying if anything had been taken. A person familiar with the company's ongoing probe said fewer than 50 were compromised.
In Britain, a small number of organisations were compromised and not in the public sector, a security source said.
Shares in cyber security companies FireEye, Palo Alto Networks and Crowdstrike Holdings rose on Friday as investors bet that the spate of disclosures from Microsoft Corp and others would boost demand for security technology.
Reuters identified Cox Communications and Pima County, Arizona, government as victims of the intrusion. The hack hijacked ubiquitous network management software made by SolarWinds Corp.
The breaches of US government agencies, first revealed by Reuters on Sunday, hit the Department of Homeland Security, the Treasury Department, State Department and Department of Energy. In some cases the breaches involved monitoring emails but it was unclear what hackers did while infiltrating networks, cybersecurity experts said.
Trump has not said anything publicly about the intrusion. He was being briefed "as needed", White House spokesman Brian Morgenstern told reporters. National security adviser Robert O'Brien was leading interagency meetings daily, if not more often, he said.
No determinations have been made on how to respond or who was responsible, a senior US official said.
SolarWinds, which disclosed its unwitting role at the centre of the global hack on Monday, has said that up to 18,000 users of its Orion software downloaded a compromised update containing malicious code planted by the attackers. The attack was believed to be the work of an "outside nation state", SolarWinds said.
People familiar with the matter have said the hackers were believed to be working for the Russian government. Kremlin spokesman Dmitry Peskov dismissed the allegations.
On Friday, US Representative Stephen Lynch, head of the House of Representatives Committee on Oversight and Reform panel's national security subcommittee, said the information provided by the Trump administration was "very disappointing".
The breach appeared to provide President-elect Joe Biden with an immediate headache when he takes office on January 20. His transition team's executive director Yohannes Abraham said there would be "substantial costs" and the incoming administration "will reserve the right to respond at a time and in a manner of our choosing, often in close co-ordination with our allies and partners".
Australian Associated Press
