Top U.S. government agencies said Tuesday that Russia was likely behind the hack of SolarWinds technology, which caused a breach of U.S. government systems, calling it “a serious compromise that will require a sustained and dedicated effort to remediate.”
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” said the Cyber Unified Coordination Group (UCG), which is composed of the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI), with support from the NSA.
The UCG was formed to respond to the hack.
“At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” the statement said.
SolarWinds technology is used by all five branches of the U.S. military and numerous government agencies. The breach was achieved by inserting malware, or malicious code, into software updates for the SolarWinds Orion platform, a widely used network management tool.
Up to 18,000 customers of Texas-based SolarWinds were using the compromised Orion network, the company said in a recent filing to the Securities and Exchange Commission. The company boasted of serving some 300,000 customers around the world in a partial customer listing it has since taken down.
The national agencies emphasized that the alleged Russian operation was “ongoing,” calling the hack a “serious compromise that will require a sustained and dedicated effort to remediate.”
A partial SolarWinds customer listing that was taken offline showed that its customers also include more than 425 of the U.S. Fortune 500, as well as the Office of the President of the United States.
But a screenshot of a Dominion web page that The Epoch Times captured shows that Dominion does use SolarWinds technology. Dominion later altered the page to remove any reference to SolarWinds, but the SolarWinds website is still in the page’s source code.
“This was a never-before-seen capability that computer systems weren’t designed to detect,” said Krebs, adding that Russia is “exceptionally good at this sort of work.”
Krebs admitted his “failure” to stop the cyberattack, saying: “It happened on my watch … but there is work to do now going forward to make sure, A: we get past this, that we get the Russians out of the networks, but B: that it never happens again.”
Several other U.S. officials have said they believe Russia is behind the cyberattack against SolarWinds, Secretary of State Mike Pompeo told Mark Levin’s radio show last month, adding that while Trump’s administration sees Russia as a threat, it considers China a bigger problem.
The Kremlin has denied any involvement.