The number of victims is estimated to be in the tens of thousands and could rise, some security experts believe, as the investigation into the breach continues.
The hackers had stealthily attacked several targets in January, according to Volexity, the cybersecurity firm that discovered the hack, but escalated their efforts in recent weeks as Microsoft moved to repair the vulnerabilities exploited in the attack.
The US government’s cybersecurity agency issued an emergency warning on Wednesday, amid concerns that the hacking campaign had affected a large number of targets.
The warning urged federal agencies to immediately patch their systems. On Friday, cybersecurity reporter Brian Krebs reported that the attack had hit at least 30,000 Microsoft customers.
“We’re concerned that there are a large number of victims,” the White House press secretary, Jen Psaki, said during a press briefing on Friday. The attack “could have far-reaching impacts,” she added.
Federal officials were struggling to understand how the latest hack compared with last year’s intrusion into a variety of federal agencies and corporate systems by Russian hackers in what has become known as the SolarWinds attack.
In that incident, the Russian hackers planted code in an update of the SolarWinds network management software.