In addition, two people familiar with the broader government investigation into the attack said three states were breached, though they wouldn’t identify the states. A third person familiar with the probe confirmed that states were hacked but didn’t provide a number. In an advisory Thursday that signaled the widening alarm over the the breach, the Cybersecurity and Infrastructure Security Agency said the hackers posed a “grave risk” to federal, state and local governments, as well as critical infrastructure and the private sector. The agency said the attackers demonstrated “sophistication and complex tradecraft.”
The U.S. nuclear weapons agency and at least three states were hacked as part of a suspected Russian cyber attack that struck a number of federal government agencies. Microsoft Corp. was also breached, and its products were used to further attacks on others, Reuters reported. Bloomberg reports: The Energy Department and its National Nuclear Security Administration, which maintains America’s nuclear stockpile, were targeted as part of the larger attack, according to a person familiar with the matter. An ongoing investigation has found the hack didn’t affect “mission-essential national security functions,” Shaylyn Hynes, a Department of Energy spokeswoman, said in a statement. “At this point, the investigation has found that the malware has been isolated to business networks only,” Hynes said. The hack of the nuclear agency was reported earlier by Politico.