WASHINGTON (AP) – Major national security agencies confirmed on Tuesday that Russia was likely responsible for a massive invasion of U.S. government departments and corporations, rejecting President Donald Trump’s claim that China could be to blame. .
The rare joint statement represented the first formal attempt by the United States government to assign responsibility for the violations to various agencies and to assign a possible reason for the operation. He said the hacks appeared to be aimed at “intelligence gathering”, suggesting that the evidence so far pointed to a Russian espionage effort, rather than an attempt to damage or disrupt US government operations.
The agencies made it clear that the operation was “ongoing” and indicated that the search for new threats was not over.
“This is a serious commitment that will require a sustained and dedicated effort to remedy,” said the statement, distributed by the FBI, the National Security Agency, the Office of the Director of National Intelligence and the Agency for Cybersecurity and Infrastructure.
It was unclear why the statement was issued now, although it does endorse national security agencies on information that members of Congress, who had been told about it before, called for the White House to go public.
The Associated Press reported last month that White House officials were prepared to reveal that Russia was the “leading actor” in the hack, but were told at the last minute to withdraw. On the day of that report, December 19, Trump tweeted that “Cyber Hack is much bigger on Fake News Media than it is in reality” and suggested, without any evidence, that China could be to blame.
Senator Mark Warner, the Democratic vice president of the Senate Intelligence Committee, regretted the late statement, saying “it is unfortunate that it took more than three weeks after the revelation of such a significant intrusion for this government to finally issue a provisional assignment” . He said he expects a more definitive blame as well as a warning to Russia, which has denied involvement in the hack.
With the public prosecution taking place in the last two weeks of the Trump administration, it will almost certainly be up to new President Joe Biden to decide how to respond to a hacking campaign that amounts to Washington’s worst cyber espionage flaw to date. Biden said his government will impose “substantial costs” on countries responsible for hacking the US government, but it is unclear whether the answer in this case will involve sanctions, prosecutions, offensive cyber operations or any combination of these options.
The hacking campaign was extraordinary in scale, with attackers chasing government agencies, defense companies and telecommunications companies for at least seven months when it was discovered. Experts say it gave foreign agents enough time to collect data that could be highly detrimental to the national security of the United States, although the scope of the breaches and exactly the information requested is unknown.
It is estimated that 18,000 organizations were infected with malicious code that hitched a ride on popular network management software from a company in Austin, Texas, called SolarWinds. Of these clients, however, “a much smaller number has been compromised by subsequent activities in their systems,” said the statement, noting that less than 10 federal government agencies have so far been identified as belonging to this category.
The Treasury and Commerce departments are among the agencies known to have been affected. Senator Ron Wyden, an Oregon Democrat, said after a meeting last month provided to the Senate Finance Committee that dozens of Treasury Department email accounts have been compromised and that hackers have hacked into systems used by senior officials department level.
A senior executive at the cybersecurity company that discovered the malware, FireEye, said last month that “dozens of incredibly high-value targets” have been infiltrated by elite state-backed hackers. The executive, Charles Carmakal, declined to name the targets. Neither does Microsoft, which said it has identified more than 40 committed governments and private targets, mostly in the U.S.
Microsoft said in a blog post last week that hackers linked to hacking by government agencies and companies have infiltrated their systems more than previously thought and were able to view part of the code underlying the company’s software, but were unable to to make changes to that.
The extent of the affected targets remains unknown.
“I think it is highly unlikely that at this stage of the investigation they can be sure that there are only 10 agencies affected,” said Dmitri Alperovitch, former technical director at the cybersecurity company CrowdStrike.
Ben Buchanan, a cyber espionage expert at Georgetown University, said the fact that all of these investigative agencies now attribute the hacking campaign to Russia “removes any remaining serious doubts about the perpetrators.”
As for the number of federal agencies committed, he said it is difficult to know “from the outside how they assessed this”. While such assessments are difficult, Buchanan said, he believes the government must have some evidence for the claim, given the joint nature of the statement.
US officials, including then-Attorney General William Barr and Secretary of State Mike Pompeo, and cybersecurity experts have said Russia is to blame. But Trump, who throughout his term resisted blaming Moscow for cyber operations, broke with the consensus within his own administration by tweeting that the media was afraid to “discuss the possibility that it could be China (it can!)”.
Tuesday’s statement makes it clear that this is not the case, saying that the US investigation reveals that a cyber actor, “probably of Russian origin, is responsible for most or all of the ongoing cyber compromises recently discovered, both by networks governmental as well as non-governmental “.
“At the moment, we believe that this was, and remains, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly, ”said the statement.
___
Bajak reported from Boston.