Fallout from massive Russian hack of U.S. agencies continues

Security experts, businesses and government agencies are continuing their work to understand the scope of a massive cyber attack, while the finger-pointing and blame game is also picking up steam.

The big picture: Experts warn the attack could have severe repercussions given it went on for months, targeted key companies and government agencies and gained access to a wide swath of substantive information.

Catch up quick: The attack, attributed to Russia, began with the targeting of security firm SolarWinds. Gaining access there allowed the nation-state hackers access to information from a variety of high-profile agencies and companies, including the Treasury, Commerce and Homeland Security departments.

What's new:

• Sen. Richard Blumenthal, after receiving a classified briefing, placed the blame squarely on Russia and called for more information to be made public.
• Microsoft and other companies seized a domain that was used in the attack, hoping to limit further damage.
• The Washington Post reported Tuesday that key investors in SolarWinds sold $280 million in the company's stock in the days before the attack was announced publicly.

What's next: Alex Stamos, director of the Stanford Internet Observatory, wrote in the Washington Post that the attack shows "something is wrong with how our country protects itself against the hackers working for our adversaries in Russia, China, Iran and North Korea."

• Stamos suggested the government could improve cyber response by creating an agency to investigate serious incidents; passing a data breach law that would make it mandatory to disclose more types of incidents; and ensuring key Biden administration roles are filled by people with "practical, hands-on defensive experience."

Go deeper: What we know about Russia's sprawling hack into federal agencies