America’s intelligence community has issued a joint statement naming Russia as the most likely source of the SolarWinds hack. Representatives from the FBI, NSA and Cybersecurity and Infrastructure Security Agency (CISA), via the Office of the Director of National Intelligence, made the claims yesterday. They jointly claim that the body which managed to gain access to a number of federal agencies and companies is “likely Russian in origin.”
The New York Times reports that the statement was made, partly, to repudiate comments made by the president on Twitter, accusing China of the hack. The paper added that it believes those within the intelligence community have “few doubts” that Russia was responsible. Senator Mark Warner tweeted criticism of the delay in making the statement, saying that it is unfortunate that it has taken three weeks before officials issued any sort of attribution.
Unfortunately, it has taken 3 weeks after discovering an intrusion this significant for this Administration to issue a tentative attribution. I hope we'll begin to see a public declaration of U.S. policy towards indiscriminate supply chain infiltrations like this in the future.
— Mark Warner (@MarkWarner) January 5, 2021
Officials believe that around 18,000 “public and private sector customers” of SolarWinds’ products have been affected in the hack. They added that a “much smaller number” were then subject to “follow-on activity” in their systems, which includes “fewer than” 10 government agencies. The multi-agency group says that it is working to investigate and help where it can, with the FBI working to identify victims and the hackers. CISA, meanwhile, will offer a tool to help victims detect malicious activity stemming from the hack.
SolarWinds is a network monitoring company with a product called Orion, which hackers managed to breach at some point in March. The list of companies and government bodies that used Orion, however, included names like the US Nuclear Security Administration, Department of Energy, not to mention Microsoft. One of the reasons the attack was so widespread was the failure of several early-warning systems.
In the statement, the agencies say that picking through the remains of this hack will require a “sustained and dedicated effort to remediate.”