Cybersecurity firm: Booting hackers a complex chore

SeattlePI.com

BOSTON (AP) — Efforts to assess the impact of a more than seven-month-old cyberespionage campaign blamed on Russia — and boot the intruders — remain in their early stages, says the cybersecurity firm that discovered the attack.

The hack has badly shaken the U.S. government and private sector. The firm, FireEye, released a tool and a white paper Tuesday to help potential victims scour their cloud-based installations of Microsoft 365 — where users’ emails, documents and collaborative tools reside — to determine if hackers broke in and remain active.

The aim is not just to ferret out and evict the hackers but to keep them from being able to re-enter, said Matthew McWhirt, the effort's team leader.

“There’s a lot of specific things you have to do — we learned from our investigations — to really eradicate the attacker,” he said.

Since FireEye disclosed its discovery in mid-December, infections have been found at federal agencies including the departments of Commerce, Treasury, Justice and federal courts. Also compromised, said FireEye chief technical officer Charles Carmakal, are dozens of private sector targets with a high concentration in the software industry and Washington D.C. policy-oriented think tanks.

The intruders have stealthily scooped up intelligence for months, carefully choosing targets from the roughly 18,000 customers infected with malicious code they activated after sneaking it into an update of network management software first pushed out last March by Texas-based SolarWinds.

“We continue to learn about new victims almost every day. I still think that we’re still in the early days of really understanding the scope of the threat-actor activity,” said Carmakal.

The public has not heard much about who exactly was compromised...