A prominent cybersecurity firm says suspected state-backed Chinese hackers exploited widely used networking devices to spy for months on dozens of high-value government, defense industry and financial sector targets in the U.S. and Europe.

Facebook says hackers in China used fake accounts and impostor websites in a bid to break into the phones of Uyghur Muslims, Facebook announced Wednesday, March 24, 2021. (AP Photo/Jenny Kane, File)Hackers in China used fake Facebook accounts and impostor websites to try to break into the computers and smartphones of Uyghur Muslims, the social network said Wednesday. The hackers attempted to gain access to the computers and phones by creating fake Facebook accounts for supposed journalists and activists, as well as fake websites and apps intended to appeal to a Uyghur audience. In some cases, the hackers created lookalike websites almost identical to legitimate news sites popular with Uyghurs. FireEye, however, said in a statement that “we believe this operation was conducted in support” of the Chinese government.

FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify during a Senate Intelligence Committee hearing on Capitol Hill on Tuesday, Feb. 23, 2021 in Washington. In the first congressional hearing on the breach, representatives of technology companies involved in the response described a hack of almost breathtaking precision, ambition and scope. “We haven’t seen this kind of sophistication matched with this kind of scale,” Microsoft President Brad Smith told the Senate Intelligence Committee. U.S. national security officials have also said Russia was likely responsible for the breach, and President Joe Biden's administration is weighing punitive measures against Russia for the hack as well as other activities. Officials have said the motive for the hack, which was discovered by private security company FireEye in December, appeared to be to gather intelligence.

The cybersecurity firm that discovered a cyberespionage campaign that has badly shaken U.S. government agencies and the private sector says efforts to assess the impact and boot the intruders remain in their early stages. The hack has badly shaken the U.S. government and private sector. Also compromised, said FireEye chief technical officer Charles Carmakal, are dozens of private sector targets with a high concentration in the software industry and Washington D.C. policy-oriented think tanks. On top of that, he said, the hackers “will continue to obtain access to organizations. There will be new victims.”Microsoft disclosed on Dec. 31 t hat the hackers had viewed some of its source code.

The U.S. government on Tuesday, Jan. 5, 2021, said a devastating hack of federal agencies is likely Russian in origin and said the operation appeared to be an intelligence gathering effort. The Justice Department said that on Dec. 24 it detected "previously unknown malicious activity" linked to the broader intrusions of federal agencies revealed earlier that month, according to a statement from spokesman Marc Raimondi. Separately, the court office said on its website that “an apparent compromise” of the U.S. judiciary's case management and electronic case file system was under investigation. The actual reach is probably significant,” said a federal court official who spoke on condition of anonymity because they were not authorized to disclose the information. Rid wondered how sure the Justice Department could be about the extent of its compromise.

Experts say its going to take months to kick elite hackers widely believed to be Russian out of U.S. government networks. The hackers have been quietly rifling through those networks for months in Washingtons worst cyberespionage failure on record. Experts say there simply are not enough skilled threat-hunting teams to duly identify all the government and private-sector systems that may have been hacked. Many federal workers — and others in the private sector — must presume that unclassified networks are teeming with spies. The Pentagon has said it has so far not detected any intrusions from the SolarWinds campaign in any of its networks — classified or unclassified.

The threat apparently came from the same cyberespionage campaign that has afflicted FireEye, foreign governments and major corporations, and the FBI was investigating. FireEye’s customers include federal, state and local governments and top global corporations. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect in the FireEye hack. Federal government agencies have long been attractive targets for foreign hackers. “I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.

The U.S. believes North Korea and Russia capitalized on the stolen tools to unleash devastating global cyberattacks. The nation’s Cybersecurity and Infrastructure Security Agency warned that “unauthorized third-party users” could similarly abuse FireEye’s stolen red-team tools. FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the U.S. that administer elections. Its threat hunters also have helped social media companies including Facebook identify malicious actors. FireEye said it is investigating the attack in coordination with the FBI and partners including Microsoft, which has its own cybersecurity team.