The SolarWinds (SWI) - Get Report cyber attack that affected about 100 private companies and nine federal agencies was launched from inside the United States, a top White House official told reporters Wednesday.
The attack, which has been attributed to government actors in Russia, is being reviewed by the U.S. government in an investigation that could take months, Deputy National Security Adviser Anne Neuberger said in a press briefing, Bloomberg reported.
The government believes it is still in the beginning stages of understanding the scope of the attack and said that the number of affected victims could grow as it uncovers more of the plot.
Hackers believed to be linked to Russia’s foreign intelligence service inserted malware into software updates for SolarWinds’ Orion IT infrastructure management software between March and June 2020.
Entities including the State Department, Treasury and Homeland Security and the Commerce and Energy Department, including its nuclear weapons agency were targeted in the attack.
Earlier this month, President Joe Biden said that the U.S. has "elevated the status of cyber issues within our government," according to Bloomberg.
The Redmond, Wash.-based company said it found no evidence hackers had accessed production services or customer data, nor that they had used Microsoft's systems to attack others. But an investigation did reveal a lone internal account that was used to view source code "in a number of source code repositories.
Meanwhile, SolarWinds hired a new consulting business led by Chris Krebs, the former director of the U.S. Cybersecurity and Infrastructure Security Agency, and Alex Stamos, Facebook's former chief security officer, to help the company respond to the cyber attack.