Multiple US intelligence agencies have publicly declared that it is Russia was behind the supply chain compromise of a number of US government federal agencies.

The hackers inserted backdoor code into SolarWinds’ Orion platform in March of 2020 (or possibly earlier according to one US senator) and used this to access the systems of at least half-a-dozen US federal agencies, as well as potentially thousands of private firms before the attack was discovered in December.

The scale of the US government compromise is still being investigated, but just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department were compromised.

Governmental breach

A number of leading tech firms and security firms such as FireEye have been caught up in this compromise.

Earlier this week Microsoft admitted that the SolarWinds hackers actually accessed and viewed source code repositories within Redmond.

Microsoft had previously disclosed that it, like thousands of other companies, made internal use of the software used in the attack, SolarWinds’ Orion network management software.

But now the office of the US director of national intelligence has said that Russia was “likely” to have been behind a string of hacks of US federal agencies identified last month.

The hackers breached fewer than 10 federal agencies, the Cyber Unified Coordination Group joint taskforce announced.

The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency (CISA) inside the Department of Homeland Security, issued the joint statement, and said the hackers’ goal appeared to be collecting intelligence, rather than any destructive acts.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” they stated. “At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.

It was the first official statement of attribution by the Trump administration.

Offshore engineering

This declaration that Russia was likely behind the compromise, has drawn a reaction from security experts.

“As was recently reported in the NYT, ‘SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised,” noted Rosa Smothers, senior VP of cyber operations at KnowBe4.

“As a former CIA officer who was intrinsically involved in HUMINT-enabled cyber operations, there’s a tremendous window of opportunity – we call it ‘spot, assess, and recruit’ – in areas where there is amplified geopolitical tension,” said Smothers. “For instance, Belarus is currently struggling against overt Russian influence.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Twitter Confirms ‘Super Follow’ Option, For Paid Content

Money maker. Super follow feature coming soon on Twitter, will allow users to receive tips…

10 hours ago

Windows 10 ‘Sun Valley’ Promises Major Overhaul

OS refresh. Major update to six year old Windows 10 operating system, dubbed Sun Valley,…

14 hours ago

Oxford University Confirms Hack Of Biology Lab Studying Covid-19

NCSC investigates after hackers compromised one of the world’s top biology labs at Oxford University,…

15 hours ago

Consumer Group Which? Targets Qualcomm In Legal Action

Legal action against Qualcomm could result in 29 million UK 4G smartphone owners being entitled…

1 day ago

Google To Change Review Process Of Scientist Work

Executives at troubled Google AI research unit say they are working to retain trust, after…

1 day ago

NHS Challenged Over Data Contract With Palantir

Contract between NHS and data mining firm Palantir now at centre of lawsuit filed by…

1 day ago