President Trump has yet to say anything about the attack.
Echoing the government’s warning, Microsoft said Thursday that it had identified 40 companies, government agencies and think tanks that the suspected Russian hackers, at a minimum, stole data from. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms, like FireEye, that are charged with securing vast sections of the public and private sector.
“It’s still early days, but we have already identified 40 victims — more than anyone else has stated so far — and believe that number should rise substantially,” Brad Smith, Microsoft’s president, said in an interview on Thursday. “There are more nongovernmental victims than there are governmental victims, with a big focus on I.T. companies, especially in the security industry.”
Officials have yet to publicly name the attacker responsible, but intelligence agencies have told Congress that they believe it was carried out by the S.V.R., an elite Russian intelligence agency. A Microsoft “heat map” of infections shows that the vast majority — 80 percent — are in the United States, while Russia shows no infections at all.
The government warning, issued by the Cybersecurity and Infrastructure Security Agency, did not detail the new ways that the hackers got into the government systems. But it confirmed suspicions expressed this week by FireEye, a cybersecurity firm, that there were almost certainly other routes that the attackers had found to get into networks on which the day-to-day business of the United States depend.
FireEye was the first to inform the government that the suspected Russian hackers had, since at least March, infected the periodic software updates issued by a company called SolarWinds, which makes critical network monitoring software used by the government, hundreds of Fortune 500 companies and firms that oversee critical infrastructure, including the power grid.