In a statement U.S. cybersecurity agency, Cybersecurity and Infrastructure Security Agency (CISA) stated, that the widespread cyber espionage campaign which was made public earlier this month is affecting state and local governments.

The hacking campaign exploits vulnerabilities in U.S. tech company SolarWindss products as a springboard to penetrate federal government networks.

In a statement, the CISA said, the hacking campaign was “impacting enterprise networks across federal, state, and local governments, as well as critical infrastructure entities and other private sector organizations”.

Last week the CISA, U.S. government agencies, including critical infrastructure entities, and private groups have been affected by the hacking campaign. It did not specifically mention state or local bodies that have been impacted by the hacking campaign. So far only a handful of federal government agencies, including the U.S. Treasury Department, the Commerce Department, and the Department of Energy, have officially acknowledged the fact that they have been affected.

Pima County, Arizona was among the victims of the hacking campaign.

The county did not immediately return a message seeking comment. The county’s chief information officer had earlier taken its SolarWinds software offline immediately after the hack became public.

According to lawmakers and senior U.S. officials Russia and China are to blame for the hacking spree.