Intelligence agencies say SolarWinds cyber compromise perpetrator 'likely Russian'

Jenna McLaughlin
National Security and Investigations Reporter

WASHINGTON — U.S. intelligence and national security agencies on Tuesday afternoon pointed to Russian hackers as the culprit behind an unprecedented digital breach of thousands of public and private sector networks.

A sophisticated hacking group that is “likely Russian in origin” is “responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” according to a joint statement issued by the newly organized Cyber Unified Coordination Group. The members of the new group include the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, the Office of the Director of National Intelligence, and the National Security Agency.

The announcement comes just weeks before President-elect Joe Biden’s inauguration, and at a time when the outgoing Trump administration has been focused on its claims of electoral fraud, which have been rejected repeatedly by election officials and the courts.

The SolarWinds logo is seen outside its headquarters in Austin, Texas on December 18, 2020. (Sergio Flores/Reuters)

In early December, private cybersecurity company FireEye, the first to notice something awry in its systems, announced it had been breached. FireEye passed what it knew on to government investigators, determining that hackers had inserted malicious code into security updates for widely used IT monitoring software made by software company SolarWinds.

SolarWinds disclosed the intrusion on Dec. 13 to the U.S. Securities and Exchange Commission, noting that “fewer than 18,000 customers” had installed the specific dangerous update. The scope of the intrusion has exploded in the intervening weeks, leading both government and private sector workers to scramble to determine the damage, a process that may take months or years.

The new statement confirms earlier news reports as well as a public statement from Secretary of State Mike Pompeo putting responsibility for the intrusion on the Kremlin. However, President Trump has consistently resisted publicly blaming or pressuring Russia for either this breach or previous covert and overt Russian operations against American and allied interests.

Trump previously downplayed the seriousness of the breach, announcing that it was “under control.” He also alleged in a series of tweets that the “Fake News Media” wanted to blame Russia, claimed China could be behind the breach, and resurfaced conspiracy theories about compromised voting machines that could have led to his loss in the presidential election.

Russian President Vladimir Putin during a meeting in Moscow, Russia on Dec. 7, 2020. (Alexei Nikolsky, Sputnik, Kremlin Pool Photo via AP)

In the meantime, the Trump administration has continued to oust public servants who have helped fact-check those claims, starting with former CISA Director Chris Krebs and, most recently, earlier on Tuesday, CISA Director of Public Affairs Sara Sendek.

It’s unclear whether Trump will push back on the new statement blaming Russia, though the new task force was formed “on behalf of President Trump,” the agencies wrote in a joint press release.

In addition to offering a tentative attribution for the compromise, the intelligence agencies also concluded that the Russian effort amounted to an “intelligence gathering effort” rather than a targeted attack aimed at destruction or subterfuge — an assessment that will likely affect the government’s potential response.

President-elect Biden in mid-December condemned the intrusion and pressured the Trump administration to name and shame Russia, promising to do “all that needs to be done” to investigate and address the compromise once in office. He said he will “probably respond in kind,” though experts have pointed out the NSA and other U.S. intelligence agencies are constantly looking for opportunities to infiltrate Russian networks the same way U.S. networks were exposed.

While the investigation into the breach is ongoing, the intelligence agencies wrote, there is reason to be cautiously optimistic. According to the investigation so far, the government has only learned of fewer than 10 U.S. government agencies that “have been compromised by follow-on activity on their systems.” The statement did not elaborate, however, on what exactly that follow-on activity might be, including additional indicators of further compromise or evidence that data was exfiltrated from those agencies.

The group also promised to release further details on the compromise “as they become available.”
