Multiple US intelligence agencies have publicly declared that it is Russia was behind the supply chain compromise of a number of US government federal agencies.

The hackers inserted backdoor code into SolarWinds’ Orion platform in March of 2020 (or possibly earlier according to one US senator) and used this to access the systems of at least half-a-dozen US federal agencies, as well as potentially thousands of private firms before the attack was discovered in December.

The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.

Governmental breach

A number of leading tech firms and security firms such as FireEye have been caught up in this compromise.

Earlier this week Microsoft admitted that the SolarWinds hackers actually accessed and viewed source code repositories within Redmond.

Microsoft had previously disclosed that it, like thousands of other companies, made internal use of the software used in the attack, SolarWinds’ Orion network management software.

But now the office of the US director of national intelligence has said that Russia was “likely” to have been behind a string of hacks of US federal agencies identified last month.

The hackers breached fewer than 10 federal agencies, the Cyber Unified Coordination Group joint taskforce announced.

The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) inside the Department of Homeland Security, issued the joint statement, and said the hackers’ goal appeared to be collecting intelligence, rather than any destructive acts.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” they stated. “At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.

It was the first official statement of attribution by the Trump administration.

Offshore engineering

This declaration that Russia was likely behind the compromise, has drawn a reaction from security experts.

“As was recently reported in the NYT, ‘SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised,” noted Rosa Smothers, senior VP of cyber operations at KnowBe4.

“As a former CIA officer who was intrinsically involved in HUMINT-enabled cyber operations, there’s a tremendous window of opportunity – we call it ‘spot, assess, and recruit’ – in areas where there is amplified geopolitical tension,” said Smothers. “For instance, Belarus is currently struggling against overt Russian influence.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

OpenAI, Broadcom In Talks Over Development Of AI Chip – Report

Rebelling against Nividia? OpenAI is again reportedly exploring the possibility of developing its own AI…

2 days ago

Microsoft Outage Impacts Airlines, Media, Banks & Businesses Globally

IT outage causes major disruptions around the world, after Crowdstrike update allegedly triggers Microsoft outages

2 days ago

GenAI Integration Efforts Hampered By Costs, SnapLogic Finds

Hefty investment. SnapLogic research finds UK businesses are setting aside three-quarters of their IT budgets…

3 days ago

Meta Refuses EU Release Of Multimodal Llama AI Model

Mark Zuckerberg firm says European regulatory environment too ‘unpredictable’, so will not release multimodal Llama…

3 days ago

Synchron Announces Brain Interface Chat Powered by OpenAI

Brain implant firm Synchron offers AI-driven emotion and language predictions for users, powered by OpenAI's…

3 days ago