Russia “likely” culprit in massive SolarWinds cyber attack, US government agencies say

A group of US federal agencies has laid the blame for the SolarWinds cyber attack at Russia’s door publicly for the first time.

The Cyber Unified Coordination Group (UCG) said its investigations indicate that an Advanced Persistent Threat actor “likely Russian in origin” was responsible for most or all of the ongoing cyber compromises.

It said: “At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

The UCG consists of the Federal Bureau of Investigation, the Cybersecurity & Infrastructure Security Agency and the Office of the Director of National Intelligence, and is supported by the National Security Agency.

The hack, which was detected in December but is believed to have begun in March, has been described as the biggest ever cyber-espionage incident in the US. Malicious code was put into updates to a popular software product called Orion, made by network-monitoring services provider SolarWinds.

Several US government departments, including energy, commerce, treasury and state, were reportedly breached and 18,000 public and private customers were affected, with companies and agencies also hit across the world.

The UCG said that, of the 18,000 customers hit initially, a “much smaller number” and fewer than 10 US government agencies have been compromised by follow-on activity.

The UCG said: “This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States Government, as well as our private sector partners have been working non-stop. These efforts did not let up through the holidays.”

Brad Smith, Microsoft’s chief legal counsel, said last month that companies and agencies were also targeted in Canada, Mexico, Belgium, Spain, Israel, the United Arab Emirates and the United Kingdom.

Following the attack, US President-elect Joe Biden pledged to prioritise cyber security and accused the outgoing President, Donald Trump, of not treating the issue seriously enough.
