Agencies and companies sought to secure their computer networks after the United States and other nations confirmed that a widely used network software program had been hacked. The software is a network management system called SolarWinds.
SolarWinds is an American company that provides network and technical support services to hundreds of thousands of organizations worldwide. Users of its software products include most Fortune 500 companies and government agencies in North America, Europe, Asia and the Middle East. In the U.S., users include the military, the State Department and the White House.
The incident led the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a rare "emergency directive." The directive states that a "compromise of (SolarWind products) poses unacceptable risks to the security of federal networks."
CISA said the directive was issued so that government agencies and private companies could investigate possible hacking of their organizations and take steps to secure their computer networks.
The national cybersecurity agencies of Britain and Ireland issued similar warnings.
The hack is believed to have started as early as March. Experts say the attackers were able to secretly add computer code designed to steal information from network systems.
The attack was discovered after cybersecurity company FireEye confirmed that it was a victim of hacking. FireEye made that attack public earlier this month. While investigating its own hacking, it found that the attack was extremely widespread.
A FireEye vice president, Charles Carmakal, said the company was aware of many "high-value targets that have been compromised." The company said it was attempting to help a number of organizations deal with possible attacks. Carmakal said he expects many more organizations to learn in the coming days that they, too, were hacked.
U.S. officials said Sunday that federal agencies – including the Treasury and Commerce departments - were affected by the attack. The officials provided few details.
Hackers' identity unknown
The identity of the hackers remains unclear.
SolarWinds said it was advised that an "outside nation state" had attacked its systems. Neither the U.S. government nor the affected companies have publicly said which nation state they think is responsible.
One U.S. government official told The Associated Press Monday that Russian hackers are suspected. The official wanted to remain unnamed because of an ongoing investigation.
Unnamed sources told The Washington Post the attack is believed to have been carried out by Russian government hackers. The attackers - identified as APT29 or Cozy Bear - are thought to be part of Russia's foreign intelligence service.
In Moscow, a government spokesman rejected the idea that Russia was involved in the hacking.
Suzanne Spaulding is a former U.S. cybersecurity official who is now an adviser at the Washington-based Center for Strategic and International Studies. She told the AP the cyberattack is "a reminder that offense is easier than defense and we still have a lot of work to do."
Ben Buchanan is an expert on cyberattacks at Georgetown University in Washington D.C. He wrote the book "The Hacker and The State." Buchanan called the hacking incident "impressive, surprising and alarming."
Neither SolarWinds nor U.S. cybersecurity officials have publicly identified which organizations were affected. Experts say that just because a company or agency uses a SolarWinds product does not necessarily mean they were hacked. The code placed by the attackers is thought to have been added at the same time as a new software version was released by SolarWinds between March and June.
I'm Bryan Lynn.