The US intelligence community is formally blaming Russian hackers for the SolarWinds breach but stopping short of pointing fingers directly at the Kremlin.
On Tuesday, the FBI, NSA, and the Office of the Director of National Intelligence issued a joint statement with the Cybersecurity and Infrastructure Security Agency (CISA) about their investigation into the breach. “This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the statement says.
The agencies supplied no specific evidence in the statement. However, US officials reportedly suspect that Russian state-sponsored spies hacked into the IT company SolarWinds, which they then used as a launching pad to break into several US government departments.
The attack specifically involved tampering with SolarWind’s Orion product, which was then distributed to Windows computers belonging to about 18,000 customers. However, the suspected Russian hackers only targeted a small subset of those customers with additional malware capable of spying on computers and stealing files.
“We have so far identified fewer than 10 US government agencies that fall into this category, and are working to identify the nongovernment entities who also may be impacted,” the joint statement says. “At this time, we believe this was, and continues to be, an intelligence gathering effort.”
The federal agencies known to have been ensnared include the US Treasury Department, the State Department, the Commerce Department and the Energy Department, along with parts of the Pentagon, according to The New York Times.
The statement from US intelligence ultimately doesn’t provide much new information. But it does arrive weeks after President Trump casted doubt on Russia’s suspected role in the hack. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of….discussing the possibility that it may be China (it may!),” the outgoing President said in a tweet on Dec. 19.
The Kremlin itself has denied any involvement in SolarWinds breach. “Malicious activities in the information space contradict the principles of the Russian foreign policy,” the Russian embassy said in a statement last month.