© 2024
NPR News, Colorado Stories
Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

U.S. Cyber Agency: SolarWinds Attack Hitting Local Governments

The far-reaching SolarWinds hack has hit not only federal agencies such as the Department of the Treasury, but computer systems for local U.S. governments as well.
Olivier Douliery
/
AFP via Getty Images
The far-reaching SolarWinds hack has hit not only federal agencies such as the Department of the Treasury, but computer systems for local U.S. governments as well.

A U.S. cybersecurity agency said Wednesday that the far-reaching attack into the IT management company SolarWinds discovered earlier this month has not only affected key federal agencies, but also computer systems used by state and local governments.

The hackers attached malware to a software update for SolarWinds' Orion system, which is used by many federal agencies and thousands of companies worldwide to monitor their computer networks. The hack infected several computer systems within the U.S. government, including at the departments of Treasury, Commerce, and Energy. Microsoft has said at least 40 of its customers were also affected by the hack.

The U.S. Cybersecurity and Infrastructure Security Agency, also known as CISA, said Wednesday that the agency is "tracking a significant cyber incident" having an impact on networks across federal, state, and local governments. Previously CISA reported just federal agencies and private companies were hit by the attack.

The message shared by CISA on Wednesday didn't detail which local governments may have been affected by the malware and details remain scarce.

"This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked," CISA said in its message posted online.

Russia's foreign intelligence service, the SVR, is believed to have carried out the hack. Kremlin officials have denied this charge.

Reuters has previously reported that Pima County, Arizona was among the targets of the attack.

SolarWinds says that nearly 18,000 of its customers received the software update that included the malware from March to June of this year.

Copyright 2020 NPR. To see more, visit https://www.npr.org.

Jaclyn Diaz
Jaclyn Diaz is a reporter on Newshub.