US cyber officials issued an “emergency directive” Thursday ordering federal agencies to defend their networks against an “advanced” group of hackers that have breached at least one agency in an apparent espionage campaign.
Government officials have not commented on who is behind the hacks, but private experts say they believe the hackers are state-backed and based in China. The hackers have been exploiting previously unknown flaws in software made by Cisco for several months.
“We are aware of hundreds of these devices [running the affected Cisco software] being in the federal government,” Chris Butera, a senior official at the Cybersecurity and Infrastructure Security Agency, told reporters.
The directive will help officials understand “the full scope of the compromise across federal agencies,” Butera said.
Unit 42, a division of cyber firm Palo Alto Networks, told CNN it believes the hackers are based in China. But a slew of other hacking groups could try to exploit the vulnerabilities now that the issue is public and a software "patch," or fix, is available; applying the patch closes the flaws but does not by itself remove attackers who already gained access.
“As we have seen before, now that patches are available, we can expect attacks to escalate as cybercriminal groups quickly figure out how to take advantage of these vulnerabilities,” said Sam Rubin, a senior vice president at Unit 42.
The directive will set off a scramble in Washington to detect the hackers and unplug any compromised devices before the hackers can do further damage. It gives civilian agencies until the end of Friday to update software and report any compromises.
A Cisco spokesperson said the company investigated the hacks in May with “several” government agencies and has since discovered three new vulnerabilities that the hackers were exploiting. The company urged its customers to update their software in the face of the attacks.
The British government also warned about the hacking campaign on Thursday, calling the malicious code used by the hackers a “significant evolution” from their previous tools.
The disclosure comes just days after researchers with Google-owned firm Mandiant revealed that another team of suspected Chinese hackers had infiltrated US software developers and law firms in a campaign to collect intelligence to help Beijing in its ongoing trade fight with Washington. The effort to recover from those breaches could take months, Mandiant said.