The U.S. government remains in the dark about how deeply Russian hackers penetrated its networks during the worst-ever cyber attack on federal agencies, members of Congress warned Friday.
At least six government departments were disrupted in a Russian intelligence operation expected to begin in March. While there is no evidence that classified networks have been compromised, it is not known what the hackers stole or how long it will take to clean them up.
Members of Congress said the government is still struggling to understand the outcome as details unfold. “This hack was so widespread that even our cybersecurity experts are not yet fully aware of the extent of the harassment itself,” said Stephen Lynch, head of the House of Representatives’ steering and reform committee, after attending a preparatory meeting.
Spokesman Jamie Raskin, another committee member, said: “There’s a lot more we don’t know than we know. I hope the government learns exactly how this has been done to us and what the full extent of the damage is. ”
U.S. officials say they have not become aware of the recent attacks on both the government and some Fortune 500 companies in which cyber hackers were moving unidentified for as long as nine months. . The energy sector and the national nuclear security administration, which manages the country ‘s nuclear weapons stockpile, were among the groups broken.
Hackers inserted malicious code into the software of SolarWinds, a company that provides network services, and appeared to be using other tools to gain access. The American cybersecurity agency has warned of a “serious threat” to the country’s infrastructure.
The tech giant Microsoft, which helped deal with the breach, said it has identified more than 40 government agencies, think tanks, NGOs and IT companies that have been corrupted by the hackers. Four out of five in the US – nearly half of them technical companies – also had victims in Canada, Mexico, Belgium, Spain, the UK, Israel and the United Arab Emirates.
Microsoft said in a blog post: “This is not usually a spy job, even in the digital age. Instead, it represents an act of carelessness that created a real technological vulnerability to the United States and the world. ”
But Donald Trump, long reluctant to criticize his Russian ally, Vladimir Putin, has been quietly silent, aiming instead at an election he lost to reverse. The U.S. president is under increasing pressure to speak out about what some say as a major national security crisis.
Former Republican presidential candidate Mitt Romney told SiriusXM radio: “What amazes me most is that this type of cyber hack is on par today with almost Russian bombers fly unnoticed across the country. “
Describing the country’s cyber defenses as extremely vulnerable and vulnerable, Romney said: “In this situation, the White House is not loudly speaking out and complaining and making punishment amazing. ”
Trump’s absence on the case means he will be left to his successor, Joe Biden, to seek revenge through sanctions, criminal charges or other means. In a statement on Thursday, the president-elect said his administration will “make tackling this breach a top priority from the moment we take office”.
The damage, however, could take years to heal. Thomas Bossert, Trump’s home security adviser this week, wrote in a New York Times column: “While the Russians did not have the time to take complete control of all the networks they built, they certainly did. they got over hundreds of them. It will take years to know which networks the Russians control and which ones they live on.
“The logical conclusion is that we must act as if the Russian government was in control of all the networks that it has entered into. But it is not clear what the Russians intend to do next. The access that the Russians now enjoy can be used for much more than just spying. ”