© 2023 90.5 WESA
Play Live Radio
Next Up:
Available On Air Stations

U.S. Cyber Agency: SolarWinds Attack Hitting Local Governments

The far-reaching SolarWinds hack has hit not only federal agencies such as the Department of the Treasury, but computer systems for local U.S. governments as well.
Olivier Douliery
AFP via Getty Images
The far-reaching SolarWinds hack has hit not only federal agencies such as the Department of the Treasury, but computer systems for local U.S. governments as well.

Updated at 3:30 a.m. ET

A U.S. cybersecurity agency said Wednesday that the far-reaching attack into the IT management company SolarWinds discovered earlier this month has infected more systems than previously thought.

The U.S. Cybersecurity and Infrastructure Security Agency, also known as CISA, said Wednesday that the hack not only affected key federal agencies, but also computer systems used by state and local governments, critical infrastructure entities and other private sector organizations.

There is also evidence that other networking software may have been compromised, CISA said. The cybersecurity agency said it is investigating signs of abuse of Security Assertion Markup Language (SAML) tokens as well. SAML tokens are complex password handlers that allow different programs to communicate, allowing for one single log-in to access various services.

The hackers attached malware to a software update for SolarWinds' Orion system, which is used by many federal agencies and thousands of companies worldwide to monitor their computer networks. It's known that the hack has so far infected several computer systems within the U.S. government, including at the departments of Treasury, Commerce, and Energy. Microsoft has said at least 40 of its customers were also affected by the hack.

CISA said that the agency is "tracking a significant cyber incident" having an impact on networks across federal, state, and local governments. The message shared by CISA on Wednesday didn't detail which local governments or other entitiesmay have been affected by the malware and details remain scarce.

"This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked," CISA said in its message posted online.

Russia's foreign intelligence service, the SVR, is believed to have carried out the hack. Kremlin officials have denied this charge.

Reuters has previously reported that Pima County, Arizona was among the targets of the attack.

SolarWinds says that nearly 18,000 of its customers received the software update that included the malware from March to June of this year.

Copyright 2021 NPR. To see more, visit https://www.npr.org.

To make informed decisions, the public must receive unbiased truth.

As Southwestern Pennsylvania’s only independent public radio news and information station, we give voice to provocative ideas that foster a vibrant, informed, diverse and caring community.

WESA is primarily funded by listener contributions. Your financial support comes with no strings attached. It is free from commercial or political influence…that’s what makes WESA a free vital community resource. Your support funds important local journalism by WESA and NPR national reporters.

You give what you can, and you get news you can trust.
Please give now to continue providing fact-based journalism — a monthly gift of just $5 or $10 makes a big difference.