
FBI, CISA, and NSA: Russia was likely behind major SolarWinds hack

January 6, 2021, 12:19 AM UTC


Russia is likely behind the major SolarWinds cyberattack that has compromised multiple federal agencies and businesses, according to the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency.

The federal agencies, working as part of the Cyber Unified Coordination Group task force, said Tuesday that an unspecified Russian entity “is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and nongovernmental networks.”

The group said that fewer than 10 U.S. government agencies and an unspecified number of companies were affected by the cyberattack, which analysts have described as one of the most catastrophic cybersecurity incidents in recent history.

“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the Cyber Unified Coordination Group said in a statement.

Several cybersecurity experts have previously indicated that Russia was behind the attacks, which the Kremlin has denied. Secretary of State Mike Pompeo said in December that Russia was “pretty clearly” involved in the hack.

However, President Donald Trump has previously minimized Russia’s alleged role and instead pointed to China as a possible suspect, accusing the media of overemphasizing the Kremlin.

“The Cyber Hack is far greater in the Fake News Media than in actuality,” President Trump said in December on Twitter. “I have been fully briefed and everything is well under control.”

However, the Cyber Unified Coordination Group, created on behalf of President Trump as part of the National Security Council, described the SolarWinds hack as far more serious than Trump has let on. 

“At this time, we believe this was, and continues to be, an intelligence gathering effort,” the group said in a statement. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

Russian hackers were believed to have installed a so-called backdoor vulnerability in one of SolarWinds’ most popular products, called Orion, which is used by firms to manage their IT infrastructure. The hack, which was disclosed in December, went undetected for months. 

Clarification: Story updated at Jan 6, 12:38 P.M. to reflect the Cybersecurity and Infrastructure Security Agency’s formal role in the Cyber Unified Coordination Group, not the Central Intelligence Agency.