U.S. government networks were hit by a cyberattack affecting several federal agencies, Cybersecurity and Infrastructure Security Agency Director Jen Easterly confirmed on Thursday.
CISA, a part of the Department of Homeland Security, previously identified a gap in software security believed to have been exploited in attack.
An electronic file transfer application, MOVEit Transfer, is thought to be the target of the broader cyber intrusion, one official said.
A spokesperson for Mandiant, the cyber intelligence arm of Google Cloud, said government data was stolen in the attack. CISA officials declined to say how many federal agencies were impacted and did not say who was behind the attack.
Easterly downplayed the severity of the attack in a call to reporters, saying the intrusion was not as damaging as the SolarWinds hack that impacted government systems in 2020.
A senior CISA official described the latest attack as "small" in scope.
Federal authorities previously released a joint advisory noting that the file transfer software was vulnerable to attack. At the time, CISA and the FBI said the application was vulnerable to ransomware attacks in which data is locked or stolen and payment is demanded in return.
"The FBI, alongside our partners at CISA, works diligently to share information in a timely manner to enable organizations to better protect themselves from malicious cyber actors," Bryan Vorndran, assistant director of the FBI's cyber division said last week.
A MOVEit representative told ABC News on Thursday that they are taking steps to ensure security, including applying patches.
"We have engaged with federal law enforcement and other agencies and are committed to playing a leading and collaborative role in the industry-wide effort to combat increasingly sophisticated and persistent cybercriminals intent on maliciously exploiting vulnerabilities in widely used software products," the spokesperson said in a statement, in part.
ABC News' Beatrice Peterson contributed to this report.