Multiple US intelligence agencies have publicly declared that it is Russia was behind the supply chain compromise of a number of US government federal agencies.

The hackers inserted backdoor code into SolarWinds’ Orion platform in March of 2020 (or possibly earlier according to one US senator) and used this to access the systems of at least half-a-dozen US federal agencies, as well as potentially thousands of private firms before the attack was discovered in December.

The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.

Governmental breach

A number of leading tech firms and security firms such as FireEye have been caught up in this compromise.

Earlier this week Microsoft admitted that the SolarWinds hackers actually accessed and viewed source code repositories within Redmond.

Microsoft had previously disclosed that it, like thousands of other companies, made internal use of the software used in the attack, SolarWinds’ Orion network management software.

But now the office of the US director of national intelligence has said that Russia was “likely” to have been behind a string of hacks of US federal agencies identified last month.

The hackers breached fewer than 10 federal agencies, the Cyber Unified Coordination Group joint taskforce announced.

The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) inside the Department of Homeland Security, issued the joint statement, and said the hackers’ goal appeared to be collecting intelligence, rather than any destructive acts.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” they stated. “At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.

It was the first official statement of attribution by the Trump administration.

Offshore engineering

This declaration that Russia was likely behind the compromise, has drawn a reaction from security experts.

“As was recently reported in the NYT, ‘SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised,” noted Rosa Smothers, senior VP of cyber operations at KnowBe4.

“As a former CIA officer who was intrinsically involved in HUMINT-enabled cyber operations, there’s a tremendous window of opportunity – we call it ‘spot, assess, and recruit’ – in areas where there is amplified geopolitical tension,” said Smothers. “For instance, Belarus is currently struggling against overt Russian influence.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Lawsuit By Former Google Staffers Cites ‘Don’t Be Evil’ Moto

Three out of the 'thanksgiving four' staff fired from Google in November 2019, hit back…

13 hours ago

Amazon’s Alabama Warehouse To Vote Again On Trade Union

Not the right outcome? Workers and staff at Amazon fulfilment centre in Bessemer, Alabama to…

14 hours ago

Meta Ordered To Sell Giphy By British Regulator

But will Zuckerberg obey? The UK's CMA watchdog orders Facebook to sell Giphy, after concluding…

17 hours ago

Clearview AI Faces £17m Fine For ‘Serious’ Data Protection Breaches

American facial recognition firm Clearview AI is facing a possible £17 million fine over “serious…

18 hours ago

Bye Jack. Twitter Co-Founder And CEO Jack Dorsey Steps down

End of the road for Jack. Twitter's Jack Dorsey steps down from CEO role for…

19 hours ago