More details are coming out about The Wall Street Journal on Tuesday.. The suspected Russian hack was enabled by a back door built into software from Austin-based IT firm SolarWinds, according to a report from
The access point was apparently SolarWinds' Orion network management software. Once hackers added a backdoor to the Orion code, the "software connected to a server controlled by the hackers that allowed them to launch further attacks against the SolarWinds customer and to steal data," reported the Journal.
In a filing with the Securities and Exchange Commission on Monday, SolarWinds said the vulnerable Orion updates were delivered to customers between March and June, and as many as 18,000 customers may have downloaded the software. The Journal report, however, notes that "investigators expect the total number of victims to be much smaller."
SolarWinds declined to comment.
The hack was spotted a few weeks ago "only when a private cybersecurity firm, FireEye, alerted American intelligence that the hackers had evaded layers of defenses," according to The New York Times.
A coalition of tech firms seized a domain that was used in the hack, ZDNet reported on Tuesday. The move was taken to prevent the spread of further instructions to infected computers.
The Commerce Department confirmed the news of the hack over the weekend, with the Times reporting that other agencies including the State Department, the Pentagon and the Department of Homeland Security were also impacted.
"We can confirm there has been a breach in one of our bureaus," a Commerce spokesperson said on Sunday. "We have asked CISA and the FBI to investigate, and we cannot comment further at this time."
CNET's Steven Musil contributed to this report.