Microsoft announced that a suspected Russian hacking campaign has torn through the U.S. government and has zeroed in on more than 40 organizations.
According to NBC News, U.S. officials believe the campaign is the work of Russian intelligence and began as early as March of this year, though the breach was only discovered last week. It has broken into multiple federal agencies.
A multi-agency statement described the campaign as “ongoing” this week and left open the question of how many organizations were compromised and how badly each was affected.
Microsoft released a statement that provided the first detailed estimate of how widespread the hack is. While the company doesn’t have total clarity on the hacking campaign, it does give significant insight thanks to using Windows and their antivirus software used by the governments and many corporations.
In March, the hackers were able to get inside organizations by infiltrating “SolarWinds,” a relatively obscure technology company in Austin, Texas. SolarWinds lists a number of U.S. government agencies and major corporations as their customers.
In a Securities and Exchange Commission filing on Monday, SolarWinds noted that approximately 33,000 customers had likely downloaded the malicious and poisonous software update, though it estimated the actual number of victims was “fewer than 18,000.”
Most of the affected organizations are still unidentified. Three major targets have admitted to being hacked: the U.S. departments of Commerce and Energy and the cybersecurity company FireEye.