Federal agencies warn SolarWinds hack ‘likely Russian in origin’

FBI, NSA and cybersecurity agencies believe months-long attack used to gather intelligence

Alex Woodward
New York
Tuesday 05 January 2021 21:29 GMT

A widespread cyber hack compromising federal government systems and thousands of public and private networks is “likely Russian in origin” and believed to be “an intelligence gathering effort,” according to a joint statement from federal national security agencies.

The Cyber Unified Coordination Group – which includes the FBI, National Security Agency, Office of the Director of National Intelligence and Cybersecurity & Infrastructure Security Agency – reports that impacts to 18,000 public and private systems using SolarWinds’s Orion products represent a “serious compromise” that will require a “sustained and dedicated” remediation effort.

Fewer than 10 government agencies have been compromised by “follow-on activity” during the hacking operation, according to the group.

The group’s investigation “indicates that an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” according to the statement.

“At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

In March, staff at hundreds of companies and organisations using SolarWinds software clicked on a link to download the latest version of its Orion product, not realising that the software contained malware triggering a “very sophisticated supply chain attack,” the company said in a security advisory, “which refers to a disruption in a standard process resulting in a compromised result with a goal of being able to attack subsequent users of the software.”

The attacks went undetected for months. Among the targets were the Commerce and Treasury departments, as well as the Department of Homeland Security, Department of Defense, and the Energy Department’s National Nuclear Security Administration.

Donald Trump downplayed the breach, initially laying blame on China and saying that “the Cyber Hack is far greater in the Fake News Media than in actuality.”

“I have been fully briefed and everything is well under control,” he said in his first public remarks about the hack on Twitter last month. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”

Secretary of State Mike Pompeo and US Attorney General William Barr also suspected Russia was responsible.

President-elect Joe Biden has condemned the president’s response, as well as Trump’s decision to eliminate the top cybersecurity role at the White House in 2018, while the president has spent the majority of his lame-duck period floating election conspiracies and threatening to overturn the results of the 2020 election.

“This attack constitutes a grave risk to our national security,” Mr Biden said last month. “The truth is this: The Trump administration failed to prioritize cybersecurity.”

He also suggested that his administration, once in office, will “respond in kind” to the attacks, though he declined to outline what that would constitute.

“When I learn the extent of the damage and in fact who is formally responsible, they can be assured that we will respond, and probably respond in kind,” he told reporters last month.

Chris Krebs, former head of the Cybersecurity and Infrastructure Security Agency, urged caution during an interview with CNN last month.

“I think there needs to be a conversation globally, internationally across like-minded countries about what is acceptable,” he said.

Mr Krebs was fired from his role after clashing with the president over his baseless voter fraud claims.
