By Raphael Satter
WASHINGTON (Reuters) – The U.S. cybersecurity agency said on Wednesday that a sprawling cyber espionage campaign made public earlier this month is affecting state and local governments, although it released few additional details.
The hacking campaign, which used U.S. tech company SolarWinds as a springboard to penetrate federal government networks, was “impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations,” the Cybersecurity and Infrastructure Security Agency (CISA) said in a statement posted to its website.
The CISA said last week that U.S. government agencies, critical infrastructure entities, and private groups were among those affected, but did not specifically mention state or local bodies. So far only a handful of federal government agencies have officially confirmed having been affected, including the U.S. Treasury Department, the Commerce Department, and the Department of Energy.
CISA did not identify the state or local agencies affected and did not immediately return an email seeking additional detail on the notice.
Reuters has previously reported that Pima County, Arizona was among the victims of the wave of intrusions.
The county did not immediately return a message seeking comment late Wednesday. The county’s chief information officer previously told Reuters his team had taken its SolarWinds software offline immediately after the hack became public and that investigators had not found any evidence of a further compromise.
Senior U.S. officials and lawmakers have alleged that Russia is to blame for the hacking spree, a charge the Kremlin denies.
Reporting by Raphael Satter; Editing by Christian Schmollinger and Raju Gopalakrishnan.