President Trump has not yet said anything about the attack.
Microsoft reiterated the government’s warning, announcing on Thursday that it had identified 40 companies, government agencies and think tanks that at least the suspected Russian hackers had infiltrated. Nearly half are private technology firms, Microsoft said, many of them cybersecurity firms like FireEye, tasked with securing large swaths of the public and private sectors.
“It’s early days, but we have already identified 40 victims – more than anyone else has reported – and believe the number should increase significantly,” said Brad Smith, President of Microsoft, in an interview on Thursday. “There are more non-government victims than government victims, with an emphasis on IT companies, especially in the security industry.”
The Department of Energy and its National Nuclear Security Administration, which maintains US nuclear stocks, were compromised as part of the larger attack. However, the investigation found that the hack had no impact on national security functions essential to the mission, Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement.
“At this point, the investigation showed that the malware was only isolated for corporate networks,” said Ms. Hynes. The nuclear agency hack was previously reported by Politico.
Officials have not yet publicly named the attacker responsible, but intelligence agencies have told Congress that they believe this was done by the SVR, an elite Russian intelligence agency. A Microsoft heat map of infections shows that the vast majority – 80 percent – are in the US, while Russia has no infections at all.