The US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.
On behalf of President Trump, the four agencies form the Cyber Unified Coordination Group (UCG), the task force coordinating the investigation and remediation of the SolarWinds hack, which had a significant impact on federal government networks. The UCG's investigation is still ongoing to determine the scope of the incident.
According to the UCG’s statement, the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.
Recently, the US Cybersecurity and Infrastructure Security Agency (CISA) updated its official guidance to order US federal agencies to update their SolarWinds Orion platforms by the end of the year.
Calling the campaign an “intelligence gathering effort,” the intelligence bureaus said they are currently working to understand the full scope of the hack while noting that fewer than 10 U.S. government agencies were impacted by the compromise.
An estimated 18,000 SolarWinds customers are said to have downloaded the backdoored software update, but the UCG said only a smaller number had been subjected to “follow-on” intrusive activity on their internal networks.
Microsoft's analysis of the Solorigate modus operandi last month found that the second-stage malware, dubbed Teardrop, had been selectively deployed against targets based on intel amassed during an initial reconnaissance of the victim environment for high-value accounts and assets.
The joint statement also confirms previous speculation linking the espionage operation to APT29 (or Cozy Bear), a group of state-sponsored hackers associated with the Russian Foreign Intelligence Service (SVR).