At least 250 federal agencies and top enterprises in the US have been compromised by suspected Russia-backed hackers. The hackers attained access by infiltrating into 'SolarWinds Orion' monitoring and management software.
US Senator Mark Warner (D-Virginia) was quoted saying in a report from The New York Times that the hack looked "much, much worse" than he first feared.
"The size of it keeps expanding. It's clear the United States government missed it," he further added.
The report says that as businesses such as Amazon and Microsoft that provide cloud services dig deeper for evidence. "It now appears Russia exploited multiple layers of the supply chain to gain access to as many as 250 networks".
Microsoft said the hackers compromised 'SolarWinds' software allowing them to "impersonate any of the organisation's existing users and accounts including highly privileged accounts."
"We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories," said Microsoft earlier.
The company further said, "The account did not have permissions to modify any code or engineering systems and "our investigation further confirmed no changes were made. These accounts were investigated and remediated"
The initial estimates were that Russian hackers compromised 18,000 government and private networks.
Reports suggest some of the compromised 'SolarWinds' software were engineered in Eastern Europe. American investigators are now examining if the incursion originated where Russian intelligence operatives are deeply rooted.
The Cybersecurity and Infrastructure Security Agency (CISA) has also warned that US federal agencies must update the hacked 'Solarwinds Orion' software or take all its apps offline.