Hack against US is 'grave' threat, cybersecurity agency says

Full Screen
1 / 3

Copyright 2019 The Associated Press. All rights reserved.

FILE - The U.S. Treasury Department building viewed from the Washington Monument, Wednesday, Sept. 18, 2019, in Washington. Hackers got into computers at the U.S. Treasury Department and possibly other federal agencies, touching off a government response involving the National Security Council. Security Council spokesperson John Ullyot said Sunday, Dec. 13, 2020 that the government is aware of reports about the hacks. (AP Photo/Patrick Semansky, file)

WASHINGTON – Federal authorities expressed increased alarm Thursday about a long-undetected intrusion into U.S. and other computer systems around the globe that officials suspect was carried out by Russian hackers. The nation's cybersecurity agency warned of a “grave” risk to government and private networks.

The hack compromised federal agencies and “critical infrastructure” in a sophisticated attack that was hard to detect and will be difficult to undo, the Cybersecurity and Infrastructure Security Agency said in an unusual warning message. The Department of Energy acknowledged it was among those that had been hacked.

The attack, if authorities can prove it was carried out by Russia as experts believe, creates a fresh foreign policy problem for President Donald Trump in his final days in office.

Trump, whose administration has been criticized for eliminating a White House cybersecurity adviser and downplaying Russian interference in the 2016 presidential election, has made no public statements about the breach.

President-elect Joe Biden, who inherits a thorny U.S.-Russia relationship, spoke forcefully about the hack, declaring that he and Vice President-elect Kamala Harris “will make dealing with this breach a top priority from the moment we take office.”

“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” he said. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”

“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” Biden said.

CISA officials did not respond to questions and so it was unclear what the agency meant by a “grave threat” or by “critical infrastructure” possibly targeted in the attack that the agency says appeared to have begun last March. Homeland Security, the agency's parent department, defines such infrastructure as any “vital” assets to the U.S. or its economy, a broad category that could include power plants and financial institutions.