US federal authorities have expressed increased alarm about a long-undetected intrusion into computer systems around the globe that officials suspect was carried out by Russian hackers.
The nation’s cybersecurity agency warned of a “grave” risk to government and private networks from the attack which appears to have begun last March.
The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message.
The Department of Energy acknowledged it was among those that had been hacked.
The attack, if authorities can prove it was carried out by Russia as experts believe, creates a fresh foreign policy problem for US President Donald Trump in his final days in office.
Mr Trump, whose administration has been criticised for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.
President-elect Joe Biden, who inherits a thorny US-Russia relationship, spoke forcefully about the hack, declaring that he and Vice President-elect Kamala Harris “will make dealing with this breach a top priority from the moment we take office”.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said.
“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.
“There’s a lot we don’t yet know, but what we do know is a matter of great concern.”
Tech giant Microsoft, which has helped respond to the breach, revealed late on Thursday that it had identified more than 40 government agencies, think tanks, non-governmental organisations and IT companies infiltrated by the hackers.
It said four in five were in the United States – nearly half of them tech companies – with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
“This is not ‘espionage as usual,’ even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world,” Microsoft said in a blog post.