“This hack was so big in scope that even our cybersecurity experts don’t have a real sense yet in terms of the breadth of the intrusion itself,” adding that it would take some time to fully vet all the agencies and targets.

The breach appeared to provide President-elect Joe Biden with an immediate headache when he takes office on Jan. 20. His transition team’s executive director Yohannes Abraham told reporters on Friday there would be “substantial costs” and the incoming administration “will reserve the right to respond at a time and in a manner of our choosing, often in close coordination with our allies and partners.”

The Cybersecurity and Infrastructure Security Agency said in its most detailed comments yet that the intrusion had compromised federal agencies as well as critical infrastructure in a sophisticated attack that was hard to detect and will be difficult to undo
This threat actor has demonstrated sophistication and complex tradecraft in these intrusions, the agency said in its unusual alert. CISA expects that removing the threat actor from compromised environments will be highly complex and challenging.

The U.S. National Security Agency issued a rare “cybersecurity advisory” Thursday detailing how certain Microsoft Azure cloud services may have been compromised by hackers and directing users to lock down their systems.

“Like other SolarWinds customers, we have been actively looking for indicators of this actor and can confirm that we detected malicious Solar Winds binaries in our environment, which we isolated and removed,” a Microsoft spokesperson said, adding that the company had found “no indications that our systems were used to attack others.”