Two months on from the SolarWinds cyberattack on US government departments and international companies, the scale of the intrusion is still coming to light.