Washington (AFP)

A large-scale cyberattack on several government departments discovered last weekend in the United States is still ongoing and the government is trying to measure the extent of the damage, according to US intelligence agencies.

"This is an evolving situation and we continue to work to take the full measure of this campaign knowing that networks have been affected inside the federal government," said Wednesday evening in a joint statement on FBI (Federal Police), Director of National Intelligence and the Cybersecurity and Infrastructure Security Agency (Cisa) which reports to the Department of Homeland Security (DHS).

These agencies have formed a coordination unit and meetings are held daily at the White House to develop the response of the US government, which had confirmed Sunday evening to have been the victim of a cyberattack.

White House national security adviser Robert O'Brien cut short a trip to the Middle East and Europe to return to Washington on Tuesday to deal with the fallout from the cyberattack.

The FBI said it had opened an investigation to identify and prosecute those responsible for the intrusion.

In addition to DHS, the departments of Treasury and Commerce as well as several federal agencies have been affected, according to press reports.

The methods used bear the mark of a state actor, according to Microsoft, which has not designated a country.

Several American media have singled out the Russian group "APT29", also known as "Cozy Bear".

According to the Washington Post, this group is part of Moscow's intelligence services and has already hacked into the US administration during Barack Obama's presidency.

US Secretary of State Mike Pompeo appeared to target Moscow when he said on Monday that the Russian government had made repeated attempts to break into US government networks.

The Russian Embassy in the United States has assured that "Russia does not conduct offensive operations in cyberspace".

- Up to 18,000 customers -

The attack began in March, with hackers taking advantage of an update to monitoring software developed by a Texas company, SolarWinds, used by tens of thousands of businesses and governments around the world.

It continued for months before being discovered by the computer security group FireEye, itself the victim of cyber attacks last week.

According to FireEye, governments and companies in the consulting, technology and energy sectors have been targeted in North America, Europe, Asia and the Middle East.

SolarWinds reported that up to 18,000 customers, including large corporations and US government agencies, had downloaded software updates, allowing hackers to gain access to e-mail exchanges.

The content that the pirates sought to steal and the possible success of their attempts are not yet known.

Faced with this growing threat, Cisa ordered all US federal agencies to immediately disconnect from the SolarWinds platform.

© 2020 AFP