Russia hacking hit UK organisations, security source says
A small number of UK organisations are known to have been affected by a suspected Russian hacking campaign that has also penetrated top secret US government agencies.
No public sector bodies are yet known to be among the UK-based victims, according to a security source.
But British officials are investigating whether there has been any further impact against government departments and businesses after cyber security experts in the United States discovered the massive hacking campaign last week.
Paul Chichester, the director of operations at the UK's National Cyber Security Centre (NCSC), which is part of the spy agency GCHQ, urged companies to take "immediate steps" to protect their networks.
"This is a complex, global cyber incident, and we are working with international partners to fully understand its scale and any UK impact," he said in a statement.
"The NCSC is working to mitigate any potential risk, and actionable guidance has been published on our website."
The comments came as officials in the US, the UK and across the world were scrambling to understand the enormity of the attack, which looks to be unprecedented in terms of its penetration of the US security apparatus.
"This could be the most impactful national security breach - cyber breach - we have ever seen," said John Hultquist, senior director of analysis at Mandiant Threat Intelligence.
Mandiant is part of the cyber security company FireEye, which was the first to discover the breach when it found that its systems had been compromised.
After FireEye raised the alarm, it emerged that a number of US government departments, including the departments of defence, state, treasury and even the nuclear agency, had also been breached.
A spokeswoman has said there was no threat to the US nuclear weapons stockpile.
"They managed clearly to gain access to a lot of secure areas. They are going to be very hard to get out," Mr Hultquist told Sky News.
What appears to have been a highly sophisticated team of hackers used various ways to compromise public and private sector computer networks.
One was through a piece of software called Orion made by the technology firm SolarWinds.
Malicious code was inserted into an update for this software, which is used by thousands of customers. Once the update was installed, the hackers had access to a trove of networks, including those of the US government and Microsoft.
But just the act of updating the infected software does not mean a system has been compromised.
With such a huge list of potential targets, it appears the hackers carefully selected the companies and government agencies they wanted to exploit.
They could do this by stealing secrets, changing important data or just sitting on systems spying. As things stand, the scale of the damage or potential theft is not yet known.
Ciaran Martin is the founder and former head of the NCSC who now works as a professor at the Blavatnik School of Government at Oxford University.
"It's one of the most significant cyber attacks, really that's ever been seen," he told Sky News.
"But based on what we know, at this point, it seems to be [for] traditional espionage, getting information from governments and companies, rather than altering data, destroying data, tampering with things and so forth but it remains to be seen, what the final picture tells us."
US media reports have said Russia's foreign intelligence service, the SVR, is suspected of being behind the attack. But the US government has yet to issue any formal attribution.
Donald Trump, the outgoing president, has yet to make any public mention of the attack, even though his successor, Joe Biden, has said dealing with the breach will be a "top priority" for his administration from the moment he takes office.
The Kremlin has denied any involvement.
Mr Hultquist said that whoever carried out the hack was a highly sophisticated operator.
"They are among the most advanced we have seen, if not the most," he said.
"They are very adept at counter forensics to stay below the radar."
This means that the hackers were careful to cover their tracks whenever they penetrated a network, making it hard - if not impossible - to know where they have gone and what they have seen.
"The proof [of their capability] is in the pudding," Mr Hultquist said.
"Just look at how many high value targets they were able to quietly compromise. It is almost all the evidence you need about how capable they are."
Reference: Deborah Haynes, foreign affairs editor