The scale of a sophisticated cyberattack on the U.S. government that was unearthed this week is much bigger than first anticipated.
The Cybersecurity and Infrastructure Security Agency said in a summary Thursday that the threat “poses a grave risk to the federal government.”
It added that “state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations” are also at risk.
CISA believes the attack began at least as early as March. Since then, multiple government agencies have reportedly been targeted by the hackers, with confirmation from the Energy and Commerce departments so far.
“This threat actor has demonstrated sophistication and complex tradecraft in these intrusions,” CISA said. “Removing the threat actor from compromised environments will be highly complex and challenging.”