London Daily

Focus on the big picture.
Thursday, Oct 30, 2025

Suspected Russian hack is much worse than first feared: Here's what you need to know

Suspected Russian hack is much worse than first feared: Here's what you need to know

The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated.

The Cybersecurity and Infrastructure Security Agency said in a summary Thursday that the threat “poses a grave risk to the federal government.”

It added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk.

CISA believes the attack began at least as early as March. Since then, multiple government agencies have reportedly been targeted by the hackers, with confirmation from the Energy and Commerce departments so far.

“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” CISA said. “Removing the threat actor from compromised environments will be highly complex and challenging.”

Russia accused


CISA has not said who it thinks is the “advanced persistent threat actor” behind the “significant and ongoing” campaign, but many experts are pointing to Russia.

“The magnitude of this ongoing attack is hard to overstate,” former Trump Homeland Security Advisor Thomas Bossert said in a piece for The New York Times on Thursday. “The Russians have had access to a considerable number of important and sensitive networks for six to nine months.”

Russian presidential spokesman Dmitry Peskov rejected the accusations, according to the Tass news agency.

“Even if it is true there have been some attacks over many months and the Americans managed to do nothing about them, possibly it is wrong to groundlessly blame Russians right away,” he told Tass. “We have nothing to do with this.”

The Russian Embassy in London did not immediately respond to CNBC’s request for comment.

The FBI said Wednesday it is “investigating and gathering intelligence in order to attribute, pursue, and disrupt the responsible threat actors.”

At this stage, it’s not clear what the hackers have done beyond accessing top-secret government networks and monitoring data.

Hackers also accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile, according to the Politico news site, citing officials familiar with the matter.

SolarWinds backdoor


CISA said those behind the attack used network management software made by SolarWinds, a Texas-headquartered IT firm, to breach the government networks.

As many as 18,000 SolarWinds Orion customers downloaded a software update that contained a backdoor, which the hackers used to gain access to the networks.


CISA issued an “emergency directive” this week instructing federal civilian agencies to “immediately disconnect or power down affected SolarWinds Orion products from their network.”

But the perpetrators may have used other means to access the networks. CISA said Thursday is investigating “evidence of additional access vectors, other than the SolarWinds Orion platform.”

Microsoft customers targeted


Microsoft was hacked in connection with the attack on SolarWinds’ widely used management software, Reuters reported Thursday.

Like with the cyberattack of SolarWinds, hackers infiltrated Microsoft products and then went after others, Reuters said, citing people familiar with the matter.

“We have been actively looking for indicators of this actor and can confirm that we detected malicious SolarWinds binaries in our environment, which we isolated and removed. We have not found evidence of access to production services or customer data,” a Microsoft spokesperson said in a statement shared with CNBC.

“Our investigations, which are ongoing, have found absolutely no indications that our systems were used to attack others,” they added.

Microsoft said that more than 40 client organizations were compromised in the attack.

“While roughly 80% of these customers are located in the United States, this work so far has also identified victims in seven additional countries,” Microsoft President Brad Smith said in a blog.

“This includes Canada and Mexico in North America; Belgium, Spain and the United Kingdom in Europe; and Israel and the UAE in the Middle East. It’s certain that the number and location of victims will keep growing.”

Smith added that “this is not espionage as usual” and “while governments have spied on each other for centuries, the recent attackers used a technique that has put at risk the technology supply chain for the broader economy.”


U.S. President-elect Joe Biden pledged Thursday to make cybersecurity a key area of focus for his administration.

“A good defense isn’t enough; We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said in a statement issued by his transition team.

“We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners. Our adversaries should know that, as President, I will not stand idly by in the face of cyber assaults on our nation.”

President Donald Trump, who has been silent about the hacking, threatened on Thursday to veto the National Defense Authorization Act, which includes money to help prevent such cyberattacks.

Newsletter

Related Articles

0:00
0:00
Close
UK and Vietnam Sign Landmark Migration Deal to Fast-Track Returns of Irregular Arrivals
UK Drug-Pricing Overhaul Essential for Life-Sciences Ambition, Says GSK Chief
Princesses Beatrice and Eugenie Temporarily Leave the UK Amid Their Parents’ Royal Fallout
UK Weighs Early End to Oil and Gas Windfall Tax as Reeves Seeks Investment Commitments
UK Retail Inflation Slows as Shop Prices Fall for First Time Since Spring
Next Raises Full-Year Profit Guidance After Strong Third-Quarter Performance
Reform UK’s Lee Anderson Admits to 'Gaming' Benefits System While Advocating Crackdown
United States and South Korea Conclude Major Trade Accord Worth $350 Billion
Hurricane Melissa Strikes Cuba After Devastating Jamaica With Record Winds
Vice President Vance to Headline Turning Point USA Campus Event at Ole Miss
U.S. Targets Maritime Narco-Routes While Border Pressure to Mexico Remains Limited
Bill Gates at 70: “I Have a Real Fear of Artificial Intelligence – and Also Regret”
Elon Musk Unveils Grokipedia: An AI-Driven Alternative to Wikipedia
Saudi Arabia Unveils Vision for First-Ever "Sky Stadium" Suspended Over Desert Floor
Amazon Announces 14 000 Corporate Job Cuts as AI Investment Accelerates
UK Shop Prices Fall for First Time Since March, Food Leads the Decline
London Stock Exchange Group ADR (LNSTY) Earns Zacks Rank #1 Upgrade on Rising Earnings Outlook
Soap legend Tony Adams, long-time star of Crossroads, dies at 84
Rachel Reeves Signals Tax Increases Ahead of November Budget Amid £20-50 Billion Fiscal Gap
NatWest Past Gains of 314% Spotlight Opportunity — But Some Key Risks Remain
UK Launches ‘Golden Age’ of Nuclear with £38 Billion Sizewell C Approval
UK Announces £1.08 Billion Budget for Offshore Wind Auction to Boost 2030 Capacity
UK Seeks Steel Alliance with EU and US to Counter China’s Over-Capacity
UK Struggles to Balance China as Both Strategic Threat and Valued Trading Partner
Argentina’s Markets Surge as Milei’s Party Secures Major Win
British Journalist Sami Hamdi Detained by U.S. Authorities After Visa Revocation Amid Israel-Gaza Commentary
King Charles Unveils UK’s First LGBT+ Armed Forces Memorial at National Memorial Arboretum
At ninety-two and re-elected: Paul Biya secures eighth term in Cameroon amid unrest
Racist Incidents Against UK Nurses Surge by 55%
UK Chancellor Rachel Reeves Cites Shared Concerns With Trump Administration as Foundation for Early US-UK Trade Deal
Essentra plc: A Closer Look at a UK ‘Penny Stock’ Opportunity Amid Market Weakness
U.S. and China Near Deal to Avert Rare-Earth Export Controls Ahead of Trump-Xi Summit
Justin time: Justin Herbert Shields Madison Beer with Impressive Reflex at Lakers Game
Russia’s President Putin Declares Burevestnik Nuclear Cruise Missile Ready for Deployment
Giuffre’s Memoir Alleges Maxwell Claimed Sexual Act with Clooney
House Republicans Move to Strip NYC Mayoral Front-Runner Zohran Mamdani of U.S. Citizenship
Record-High Spoiled Ballots Signal Voter Discontent in Ireland’s 2025 Presidential Election
Philippines’ Taal Volcano Erupts Overnight with 2.4 km Ash Plume
Albania’s Virtual AI 'Minister' Diella Set to 'Birth' Eighty-Three Digital Assistants for MPs
Tesla Unveils Vision for Optimus V3 as ‘Biggest Product of All Time’, Including Surgical Capabilities
Francis Ford Coppola Auctions Luxury Watches After Self-Financed Film Flop
Convicted Sex Offender Mistakenly Freed by UK Prison Service Arrested in London
United States and China Begin Constructive Trade Negotiations Ahead of Trump–Xi Summit
U.S. Treasury Sanctions Colombia’s President Gustavo Petro over Drug-Trafficking Allegations
Miss USA Crowns Nebraska’s Audrey Eckert Amid Leadership Overhaul
‘I Am Not Done’: Kamala Harris Signals Possible 2028 White House Run
NBA Faces Integrity Crisis After Mass Arrests in Gambling Scandal
Swift Heist at the Louvre Sees Eight French Crown Jewels Stolen in Under Seven Minutes
U.S. Halts Trade Talks with Canada After Ontario Ad Using Reagan Voice Triggers Diplomatic Fallout
Microsoft AI CEO: ‘We’re making an AI that you can trust your kids to use’ — but can Microsoft rebuild its own trust before fixing the industry’s?
×