U.S. officials says a, discovered a week ago and blamed on , was far more wide-reaching than previously thought, CBS News' Catherine Herridge reports.
The government's top cybersecurity agency says the hack compromised critical federal infrastructure, and according to reports, the breach struck at least seven government agencies — including the Department of Energy, which maintains the nation's nuclear weapons stockpile and operates the Los Alamos National Lab in New Mexico.
In a statement, the department said there is so far no evidence the hack impacted nuclear weapons security.
However, cybersecurity experts warn the damage done to the government's digital systems may take a long time to reverse.
"It's going to take a while for our forensic cyber sleuths to find out where this attack is, where the Russians have gotten their tentacles in," said former Principle Deputy Undersecretary for Homeland Intelligence Jack Thomas Tomarchio.
U.S. officials call the hack "highly complex" and a "grave risk." Tomarchio worries the full extent of the damage has not been realized.
"We don't have an easy fix here," he said. "I would say if you look at it as a hemorrhage, the hemorrhage is probably still happening."
The hackers made their move at least as early as March and remained undetected until last week.
They had broken into SolarWinds, a Texas-based software company, that served government agencies and manycompanies. Officials now say they managed to infect networks using other methods.
Sources tell CBS News thathas been briefed on the attack, but so far has made no public comments about it.
Some lawmakers are calling on Mr. Trump's administration to act now.
"In this setting, not to have the White House aggressively speaking out and protesting and taking punitive action is really, really quite extraordinary," Utah Republican Senatortold the Washington Post on SiriusXM.
Despite what U.S. officials are saying, Vladimir Putin's government denies involvement.
Microsoft confirmed it is a SolarWinds client on Thursday evening, and that the tech giant found malicious activity in its system. It also notes its customers were directly affected in at least eight countries including the U.S.
However, Russia appears to have not been affected.
for more features.