US cyber agency says SolarWinds hackers are 'impacting' state, local governments

Pima County, Arizona's chief information officer said his team had taken its SolarWinds software offline immediately after the hack became public. PHOTO: REUTERS

WASHINGTON (REUTERS) - The US cybersecurity agency said on Wednesday (Dec 23) that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, although it released few additional details.

The hacking campaign, which used US tech company SolarWinds as a springboard to penetrate federal government networks, was "impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organisations,"the Cybersecurity and Infrastructure Security Agency (Cisa) said in a statement posted to its website.

The Cisa said last week that US government agencies, critical infrastructure entities, and private groups were among those affected, but did not specifically mention state or local bodies.

So far only a handful of federal government agencies have officially confirmed having been affected, including the US Treasury Department, the Commerce Department, and the Department of Energy.

Cisa did not identify the state or local agencies affected and did not immediately return an email seeking additional detail on the notice.

Reuters has previously reported that Pima County, Arizona was among the victims of the wave of intrusions.

The county did not immediately return a message seeking comment late Wednesday.

The county's chief information officer previously told Reuters his team had taken its SolarWinds software offline immediately after the hack became public and that investigators had not found any evidence of a further compromise.

Senior US officials and lawmakers have alleged that Russia is to blame for the hacking spree, a charge the Kremlin denies.

Join ST's Telegram channel and get the latest breaking news delivered to you.