U.S. Cyber Agency: SolarWinds Attack Hitting Local Governments

Photo caption:

Photo by Olivier Douliery AFP via Getty Images

The far-reaching SolarWinds hack has hit not only federal agencies such as the Department of the Treasury, but computer systems for local U.S. governments as well.

Updated at 3:30 a.m. ET

A U.S. cybersecurity agency said Wednesday that the far-reaching attack into the IT management company SolarWinds discovered earlier this month has infected more systems than previously thought.

The U.S. Cybersecurity and Infrastructure Security Agency, also known as CISA, said Wednesday that the hack not only affected key federal agencies, but also computer systems used by state and local governments, critical infrastructure entities and other private sector organizations.

There is also evidence that other networking software may have been compromised, CISA said. The cybersecurity agency said it is investigating signs of abuse of Security Assertion Markup Language (SAML) tokens as well. SAML tokens are complex password handlers that allow different programs to communicate, so that one single log-in can access various services.

The hackers attached malware to a software update for SolarWinds' Orion system, which is used by many federal agencies and thousands of companies worldwide to monitor their computer networks. It's known that the hack has so far infected several computer systems within the U.S. government, including at the departments of Treasury, Commerce, and Energy. Microsoft has said at least 40 of its customers were also affected by the hack.

CISA said that the agency is "tracking a significant cyber incident" having an impact on networks across federal, state, and local governments. The message shared by CISA on Wednesday didn't detail which local governments or other entities may have been affected by the malware and details remain scarce.

"This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked," CISA said in its message posted online.

Russia's foreign intelligence service, the SVR, is believed to have carried out the hack. Kremlin officials have denied this charge.

Reuters has previously reported that Pima County, Arizona, was among the targets of the attack.

SolarWinds says that nearly 18,000 of its customers received the software update that included the malware from March to June of this year.

Copyright 2020 NPR.

