Russian Federation 'likely' behind SolarWinds hack, say American agencies
Jan 08 2021
Top U.S. national security agencies in a rare joint statement Tuesday said the Russian Federation was likely responsible for a massive hack of U.S. government departments and corporations, rejecting President Donald Trump's claim that China might be to blame. The Pentagon, Treasury, State Department and US nuclear security agencies are understood to have been breached.
The US intelligence task force investigating the massive hacking campaign, which compromised the networks of several government agencies, believes that the cyber actor behind the operation was "likely Russian in origin" and that the "serious compromise" will require "a sustained and dedicated effort to remediate".
"This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and nongovernmental networks", according to the statement from the intelligence and security agencies. Of those customers, though, "a much smaller number have been compromised by follow-on activity on their systems", the statement said, noting that fewer than 10 federal government agencies have so far been identified as falling into that category.
Cybersecurity experts and US officials, including then-attorney general William Barr and Secretary of State Mike Pompeo, have previously said the Russian Federation was to blame.
Tuesday's joint statement marked the first cohesive response from the intelligence community since the hack was identified, and it contradicted Trump's claims last month that Chinese hackers were responsible.
The task force also confirmed that the Treasury, the Departments of State, Homeland Security, Commerce, and Energy were breached in an "intelligence-gathering effort".
Late last month, software giant Microsoft said the hackers even managed to use the breach to access some of the company's heavily guarded source code - the basic programming essential to running Microsoft programs and operating systems.
The security company FireEye, which was itself breached, discovered the new round of attacks, many of which were traced to a tainted software update from SolarWinds, which makes widely used network-management programs.
"We believe this was, and continues to be, an intelligence-gathering effort", the task force said.
The US Chamber of Commerce was one of the many government agencies affected by the hack.
"Congress will need to conduct a comprehensive review of the circumstances leading to this compromise, assess the deficiencies in our defences, take stock of the sufficiency of our response in order to prevent this from happening again, and ensure we respond appropriately", said Mr Adam Schiff, head of the House committee. The day of that report, December 19, Trump tweeted that the "Cyber Hack is far greater in the Fake News Media than in actuality" and suggested without any evidence that China could be to blame.
Some 18,000 public and private customers of SolarWinds would be vulnerable to the hack, the statement said.