
US: Hack on Government Agencies Goes Beyond SolarWinds Users

The alert from the Cybersecurity and Infrastructure Security Agency (CISA) also warns that removing the hackers from compromised systems won't be easy.

Michael Kan, Principal Reporter



The massive hack against the US government may be much worse than previously thought. 

On Thursday, Politico reported the hackers broke into the US Energy Department and National Nuclear Security Administration, which maintains the country's nuclear weapons stockpile. However, it remains unclear what the culprits might have accessed.

On the same day, the cybersecurity division under the Department of Homeland Security warned the massive breach was pulled off using a variety of tactics. “CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” the Cybersecurity and Infrastructure Security Agency said in the alert.

The additional "access vectors" refer to a report from the cybersecurity firm Volexity, which revealed evidence the same culprits hacked a think tank by exploiting a vulnerability in its Microsoft Exchange Control Panel. The attackers then bypassed the multi-factor authentication system to access a victim's email inbox.

As a result, it’s possible the culprits behind the breach may have hit more victims through other vulnerable software. The other bad news deals with recovering from the attack. “CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations,” the agency added. 

CISA's alert goes on to describe the threat as a “grave risk” to not only the federal government, but also to state, local, and tribal governments, in addition to organizations that run the US’s critical infrastructure. Investigators currently believe the breach began in March.

CISA refrained from naming specific victims. But according to The Washington Post, the suspected Russian state-sponsored hackers hit several federal agencies, including DHS and the State, Commerce, and Treasury Departments. The attackers did so by tampering with software updates from IT company SolarWinds, enabling the culprits to distribute malicious computer code to about 18,000 customers. 

As the US grapples with the hack’s full scope, lawmakers are concerned the breach may have also ensnared US taxpayer data since the IRS appears to have been a SolarWinds customer. 

On Thursday, Senators Chuck Grassley (R-Iowa) and Ron Wyden (D-Oregon) sent a letter to the IRS’s commissioner demanding a briefing on the matter. “It is imperative that we understand the extent to which the IRS may have been compromised. It is also critical that we understand what actions the IRS is taking to mitigate any potential damage," the senators wrote. 

The IRS did not immediately respond to a request for comment. In the meantime, the incoming Biden administration has said it'll make "cybersecurity a top priority at every level of the government" in response to the hack.

"But a good defense isn't enough; we need to disrupt and deter our adversaries from undertaking significant cyber attacks in the first place," the statement from the Biden transition team added.
