Washington Federal authorities on Thursday were more concerned about an undetected breach of computer systems in the United States and elsewhere in the world that authorities suspect was carried out by Russian hackers.
The country’s cybersecurity agency warned of a “serious” risk to government and private networks.
The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was difficult to detect and undo, the Cybersecurity and Infrastructure Security Agency (CISA) said in a rare warning message. The Department of Energy recognized it as one of those affected.
The attack, if the authorities can prove it was carried out by Russia as experts believe, creates a new foreign policy problem for the president. Donald Trump in his last days in office.
Trump, whose administration has been criticized for removing the position of White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has not commented on the matter.
The elected president Joe Biden, who will inherit a potentially complicated relationship between Washington and Moscow, spoke out forcefully about the hack, stating that both he and the vice president Kamala Harris “We have a priority in resolving this infiltration from the moment we take office.”
“We need to interrupt and stop our opponents from launching major cyber-attacks at all,” he said. “We will do this, among other things, by imposing substantial costs on those responsible for malicious attacks, including in coordination with our allies and partners.”
“There’s still a lot we don’t know, but what we do know is that it’s a major concern,” he said. He thanked the government’s “public officials” who, he said, “worked tirelessly to respond to this attack.”
CISA officials did not respond to inquiries, so it was unclear what the agency was referring to due to the “serious threat” or “critical infrastructure” potentially affected by the attack, which apparently began in March, according to the agency previously reported.
The Department of Homeland Security, the agency to which CISA belongs, defines such infrastructure as any asset that is “vital” to the United States or its economy, a broad category that can include power plants and financial institutions.
The agency said the perpetrators had used network management software from Texas-based company SolarWinds to infiltrate computer networks. His new warning said hackers could have used other methods as well.
Over the weekend, amid reports of a breach into the Treasury and Commerce Ministries, the CISA ordered all civil federal government agencies to remove SolarWinds software from their servers. The cybersecurity agencies of Great Britain and Ireland have issued similar warnings.