As American federal authorities and cybersecurity experts rush to identify the full scope of the SolarWinds compromise, the list of known targets grows. The fallout from the cyberattack on the Texas-based software company appears to be vast, with a slew of powerful U.S. government agencies and businesses seemingly being infected by hackers who are believed to be affiliated with Russia.
SolarWinds says it has identified 18,000 customers potentially affected by the incident, which saw the culprits hijack software updates for a widely-used IT monitoring tool called "Orion" to spread malware, seemingly with the intention of espionage. The consequences of the brazen cyber-assault, which was first discovered by security firm FireEye after it too was infiltrated by the same group, are yet to be understood. But experts fear the hackers' access could be exploited to steal sensitive information or destroy and falsify government data, and warn it could take years to fix.
While the full list of victims is unclear and expanding almost daily Microsoft said its teams had identified more than 40 of its customers the attackers had aimed at "more precisely and compromised through additional and sophisticated measures."
It now seems likely the scope of the victims could be broad. Microsoft said the initial list included security, technology and non-governmental organizations (NGOs) alongside the government targets. It said 80 percent of attacks that it logged were U.S. based. "This is not 'espionage as usual,' even in the digital age. Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world," Brad Smith, president of the U.S. tech giant, wrote on Thursday.
"The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. government and the tech tools used by firms to protect them. The attack is ongoing," the executive continued. Analysis is ongoing to determine which companies were impacted by the hack, as just because an entity used Orion is not evidence that it was actively compromised.
Internet: <www.newsweek.com> (adapted).
Considering the text above, judge the following item.
Microsoft reported that over three-thirds of the cyberattacks happened to companies and organizations located in the USA.