President Trump has not yet said anything about the attack.
Microsoft repeated the government’s warning and announced on Thursday that it had identified 40 companies, government agencies and think tanks from which the alleged Russian hackers had at least stolen data. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms like FireEye, tasked with securing large swaths of the public and private sectors.
“It’s early days, but we have already identified 40 victims – more than anyone else has reported – and believe the number should increase significantly,” said Brad Smith, President of Microsoft, in an interview on Thursday. “There are more non-government victims than government victims, with an emphasis on IT companies, especially in the security industry.”
Officials have not yet publicly named the attacker responsible, but intelligence agencies have told Congress that they believe this was done by the SVR, an elite Russian intelligence agency. A Microsoft heat map of infections shows that the vast majority – 80 percent – are in the US, while Russia has no infections at all.
The government warning issued by the Agency for Cybersecurity and Infrastructure Security did not detail the new ways the hackers entered government systems. But it confirmed suspicions that FireEye, a cybersecurity firm, had voiced this week that there were almost certainly other ways the attackers had found to get into networks on which the day-to-day operations of the United States depend.
FireEye was the first to inform the government that since at least March the suspected Russian hackers had infected the regular software updates from a company called SolarWinds, which makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and corporations will monitor the critical infrastructure including the power grid.