Earlier, reports emerged in mid-December that hackers had infiltrated various government agencies through a system update initiated by SolarWinds’ Orion software, which was previously used by major entities, including the US Departments of Homeland Security, Commerce and Treasury.
Anne Neuberger, the deputy national security adviser for cyber and emerging technology, reiterated during a Wednesday White House briefing that the US government continues to believe the SolarWinds hack was “likely of Russian origin.”
Neuberger estimated that about 18,000 entities – many of which were technology companies – had downloaded the SolarWinds software update. She did not state whether a motive has been established by investigators.
Based in Austin, Texas, the SolarWinds tech company previously disclosed that up to 18,000 of its customers had been potentially affected by the security breach.
“It’ll take us time to uncover this layer by layer,” she added, telling a reporter that it may take “several months” before officials are able to get a better understanding of how far the hack expanded and who was involved.
The adviser’s update on the matter came more than a month after several US intelligence agencies released a statement concluding that “an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks.”
At the time, officials indicated that they believed the hack was part of an elaborate initiative to gather intelligence on the US government.
Early accusations stemming from the SolarWinds hack were quickly linked to Russia as former US Secretary of State Mike Pompeo deemed Moscow was responsible. At the time, then-US President-elect Joe Biden stated he would consider imposing sanctions against Russia as punishment.
US officials anticipate additional compromises may surface amid the ongoing investigation. Neuberger also underscored that the Biden administration may soon take executive action to address any security “gaps” that come up within the probe.