The U.S. will be forced to retaliate against Russia for its latest cyberattack against the U.S. federal government and military - now regarded as the most serious.
The full extent of the hack by a Russian state-sponsored group called Advanced Persistent Threat 29, or Cozy Bear, is coming to light.
The attack is the most serious breach of U.S. cybersecurity and damaged national security.
President Donald Trump, who has often been criticized for his ties to Russia, has not commented on the attack.
President-elect Joe Biden has criticized Russia. He declared he and vice president-elect Kamala Harris "will make dealing with this breach a top priority from the moment we take office."
"We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place," he said.
"We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.
"There's a lot we don't yet know, but what we do know is a matter of great concern," he said.
"Public servants are "working around-the-clock to respond to this attack."
The National Security Council has been coordinating the agencies' response. U.S. Cyber Command is investigating the exploit and will likely be ordered "to respond."
"They are going to have to respond," asserted a national security official.
Another U.S. official confirmed the hack was severe and extremely damaging.
"This is looking like it's the worst hacking case in the history of America," the official said. "They got into everything."
One national security official described the atmosphere within the government as "chaos" in the wake of the Russian attacks.
"We're honestly just trying to get a handle on what it all means and what or how much was stolen or made vulnerable," said one congressional aide.
Among the many federal government units compromised by the Russia intrusions were the Department of the Treasury, the Department of Homeland Security, the Department of State, the Department of Commerce and the Department of Defense. This list is likely "only the tip of the iceberg," according to one national security official.
Also hit were the National Telecommunications and Information Administration and the National Institutes of Health.
Cybersecurity experts fear the consequences of the attack, which was first revealed by Reuters late Sunday, might be "really, really bad." Russians might have been stealing sensitive information for as long as eight months.
The attackers tampered with online software updates provided by IT company SolarWinds, Inc. Intercepting these updates allowed the Russians to distribute malicious computer code to about 18,000 SolarWinds customers.
Among these customers are 425 of U.S. Fortune 500 companies and "all five branches of the U.S. military."
