Close to 200 organizations allegedly hacked by Russia: cybersecurity firm

Close to 200 organizations were hacked by Russia as part of the cybersecurity attack on SolarWinds, a third-party software contractor, that has compromised multiple government agencies, Bloomberg News reported.

Massachusetts-based cyber security firm Recorded Future identified 198 organizations that were hacked by a malicious update, threat analyst Allan Liska told the news outlet. 

Three people familiar with the inquiry told Bloomberg the hack further compromised at least 200 victims by attempting to move within their computer networks or gain user credentials.


About 18,000 SolarWinds customers received the malicious update, according to Bloomberg. Of that number, more than 1,000 experienced a malicious code ping that gave hackers further access to sensitive networks. 

The identities of the victims were not provided to Bloomberg, and the number is expected to grow as the investigation continues.

The firm said in a statement to The Hill that it used open source datasets and information provided by the security researcher community to "identify a likely partial list of organizations affected by the SolarWinds backdoor."
It added that "work across the industry remains ongoing" to obtain a fuller picture.  

The statement added that it's not able to determine exactly how many or which organizations were affected. 
However, it said that the number of affected organizations will likely be smaller than those that installed the malicious software.

A SolarWinds spokesperson told The Hill that it "continues collaborating closely with our customers, security professionals, law enforcement and intelligence communities across the globe to determine the responsible parties for this attack and whether the attack against us and our customers was directed by a foreign government, and to gather all relevant and accurate information to assist the community."

The analysis comes as America grapples with the fallout of the hack, which some have suggested could have amounted to an act of war. The Cybersecurity and Infrastructure Protection Agency said this week that the attack posed a “grave risk” to government and private sector organizations.

Reuters first reported last Sunday that the Treasury Department and an agency in the Commerce Department were compromised as part of the breach into SolarWinds. The Washington Post later reported that Russian military intelligence unit “Cozy Bear” was allegedly behind the attack.

During an interview on “The Mark Levin Show” Friday, Secretary of State Mike Pompeo said “we can say pretty clearly that it was the Russians that engaged in the activity.”


Yet President Trump downplayed the hack on Saturday, questioning whether Russia was really behind the cyber attack, saying on Twitter that “everything is well under control.”

“Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!),” Trump tweeted. 

Multiple government agencies were reported to have been compromised over the past week, including the State Department, Department of Defense and agencies within the Department of Energy.

Updated on Dec. 20 at 9:06 a.m.