Multiple arms of the US government, as well as private sector players, have been hit by what appears to have been a cyber attack of an unprecedented scale. The Cybersecurity and Infrastructure Security Agency described the hack as a "grave risk" to both public and private networks.
The US Department of Energy was among the affected branches of government and had earlier released a statement confirming this. The data breach was at least in part due to vulnerabilities with Orion software from SolarWinds, an IT management vendor widely contracted by US government agencies and private sector firms.
Microsoft alone identified over 40 clients who were compromised as part of the attack, and the vulnerability could potentially affect as many as 17,000 SolarWinds customers. An attack heatmap shared by Microsoft seems to add credence to a Russian source of origin for the hack. The map indicates that targets across the world (apart from Russia) were affected, though 80 percent of affected systems were in the United States.
Due to the attackers obfuscating data during exfiltration, it's still unclear as to exactly what kind of damage has been done.