SolarWinds hack compromised federal government networks, full damage yet unknown: Federal officials

Hackers compromising SolarWinds software have infiltrated federal government networks, according to the FBI, federal cybersecurity officials and the intelligence community.

SolarWinds is a Texas-based software company that has serviced many government agencies and large corporations worldwide. The hack of SolarWinds’ software is widely suspected to be attributable to Russia, which has denied involvement.

As the federal government works to investigate and mitigate the hackers’ threat, the FBI, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency said they are coordinating an all-of-government response to determine details about what the hackers have done.

“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the FBI, ODNI and CISA said in a statement.

The federal officials’ statement said they became aware of the cyber breach “over the course of the past several days.” FireEye, a cybersecurity firm and SolarWinds customer, appears to be the first to have detected the cyberespionage campaign and began notifying victims. Among the targets of the hack were the U.S. departments of Treasury and Commerce.

Full details on what federal agencies were breached has not been made public and rankled members of Congress.

Sen. Richard Blumenthal, Connecticut Democrat, tweeted that a Senate Armed Services Committee classified briefing Tuesday about “Russia’s cyberattack” made him “deeply alarmed, in fact downright scared.”

“Americans deserve to know what’s going on,” Mr. Blumenthal tweeted. “Declassify what’s known & unknown.”

The House Intelligence Committee was briefed on Wednesday by the FBI, Department of Homeland Security, and National Security Agency about the cyber problem and Sen. Richard Durbin, Illinois Democrat, told CNN, “this is virtually a declaration of war by Russia on the United States, and we should take that seriously.”

The Pentagon said Wednesday in a statement that it had found no evidence of compromise affecting its classified and unclassified networks.

• This story is based in part on wire service reports.