Revolutionary SolarWinds Hack Blamed on Russia by Federal Agencies

The largest cybersecurity breach in history is thought to have originated from Russia, according to a new statement by the top US agencies.

The top intelligence agencies within the US government said Tuesday that the now infamous SolarWinds breach was “likely Russian in origin.” The statement, titled the “JOINT STATEMENT BY THE FEDERAL BUREAU OF INVESTIGATION (FBI), THE CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA), THE OFFICE OF THE DIRECTOR OF NATIONAL INTELLIGENCE (ODNI), AND THE NATIONAL SECURITY AGENCY (NSA),” was issued jointly by those four agencies.

This marks the first time that these four agencies have attributed any part of the massive attack to Russian actors. While the breach was widely believed to have been directed from Moscow, there had been no real conclusion from either the private or the public sector, apart from FireEye’s own analysis, which reportedly traced the intrusion to a Russian origin.

The statement said:

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

For those who are not up to date: SolarWinds, a popular but small IT management and remote monitoring company, had been breached by foreign actors. The breach was discovered by the cybersecurity company FireEye, which initially believed the intrusion was confined to its own network.

FireEye’s investigation soon showed, however, that the malware had arrived as malicious code hidden inside a legitimate SolarWinds update. That update was pushed out to over 18,000 customers, including more than half of the Fortune 500 and over 10 government agencies.

That is only a quick synopsis; you can read the full article Statural published on the breach here.

The intrusion is believed to have begun in early March 2020, long before FireEye discovered the attack, by which time it had spread deep into networks across the United States. US Secretary of State Mike Pompeo said in an interview in December that the hack was likely of Russian origin, but there had been no formal declaration until now.

The United States as a whole has lagged behind in cybersecurity and space security, which likely drove the government to conceal much of the damage in order to keep further actors from, well, acting. Showing how fragile the several-trillion-dollar US government can be when faced with a few lines of code in an update would let other actors read that weakness as an invitation.

That explains why the US has concealed the damage and held off on any formal accusation: any real information could put more agencies at risk.

As mentioned in the excerpt above, advanced persistent threats (APTs) are hacking groups identified as having large resources and a high level of skill. They are usually state-sponsored, since the funds and time needed to plan and execute a major cyber operation are immense and usually only available to nation states.

While Tuesday’s statement did not name a specific group, APT29 (also known as Cozy Bear) is widely believed, and rumored to be the government’s own suspicion, to be behind the attack. This is the same group behind a Pentagon hack, the DNC hack, and the theft of COVID vaccine data, and now possibly the SolarWinds breach.

The Cyber Unified Coordination Group, made up of the FBI, NSA, CISA and ODNI, has said that the government is actively investigating the breach, citing the figure of 18,000 compromised customers reported by FireEye and SolarWinds. The group said it is actively investigating a smaller number of affected organizations that saw “follow-on activity on their systems,” which may indicate the intrusion continued even after the initial compromise was discovered. The group added that fewer than 10 government agencies were breached.

As previously reported, officials have confirmed breaches within the Treasury Department, the Departments of Energy and Commerce, the Department of Homeland Security, the Pentagon, the State Department, the National Institutes of Health, and the National Nuclear Security Administration.

Because this breach is still unfolding, Statural will continue to release updates about the hack, so check back for more news about the SolarWinds breach (and other things too; we have those as well).