(AP) — Experts say it’s going to take months to kick elite hackers widely believed to be Russian out of U.S. government networks.
The hackers have been quietly rifling through those networks for months in Washington’s worst cyberespionage failure on record.
Experts say there simply are not enough threat-hunting teams to identify all the government and private-sector systems that may have been hacked.
FireEye is the cybersecurity company that discovered the worst-ever intrusion into U.S. agencies and was among the victims. It has already tallied dozens of casualties. It’s racing to identify more.
This week, the cybersecurity unit of the Department of Homeland Security said the hack “poses a grave risk” to the U.S. government and state and local governments as well as critical infrastructure and private business.
"CISA has determined that this threat poses a grave risk to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations," the alert issued by the agency said. "CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations."
While President Trump has downplayed Russia's involvement, Secretary of State Mike Pompeo has said, "this was a very significant effort and I think it’s the case that now we can say pretty clearly that it was the Russians that engaged in this activity."
Officials at the White House had been prepared to put out a statement Friday afternoon that accused Russia of being “the main actor” in the hack, but were told at the last minute to stand down, according to one U.S. official familiar with the conversations who spoke on condition of anonymity to discuss private deliberations.