US intelligence agencies: SolarWinds hack was probably Russian in nature

  • A joint U.S. intelligence task force issued an initial and urgent public reaction to the SolarWinds hack, claiming that the campaign was probably the work of Russian hackers.
  • The statement said the hack was “a serious commitment that will require a sustained and dedicated effort to remedy”.
  • The task force also confirmed that the Treasury, the Departments of State, Homeland Security, Trade and Energy were breached in an “intelligence gathering effort”.
  • The Cyber Unified Coordination Group was formed by the White House in response to the hack and consists of the FBI, the Office of the Director of National Intelligence, the Cyber Security and Infrastructure Agency and the National Security Agency.

A joint task force of US government investigative agencies issued a statement on Tuesday saying the massive SolarWinds hack was “probably of a Russian nature”.

The statement, which was also signed by the FBI, the Cybersecurity and Infrastructure Security Agency and the National Security Agency, marked a rare unified public response to the hack.

Noting that investigations into the hack are still ongoing, the statement said that “an Advanced Persistent Threat (APT) actor, probably of Russian origin, is responsible for most or all of the ongoing cyber compromises recently discovered, both government and non-governmental networks.”

The statement added that the hack was probably “an intelligence gathering effort”.

Tuesday’s joint statement marked the intelligence community’s first cohesive response since the hack was identified, and contradicts Trump’s claims last month that Chinese hackers were responsible.

The statement added that the hack was “a serious commitment that will require a sustained and dedicated effort to remedy”, adding that since the discovery of the hack, the private sector and US government officials have worked to contain it.

The joint task force also offered additional clarity on which US agencies were targeted.

The statement claimed that fewer than ten federal agencies had their networks breached, but those agencies included the Treasury, as well as the Departments of State, Homeland Security, Trade and Energy.

Russian presidential spokesman Dmitry Peskov, as well as the Russian embassy in the United States, denied having orchestrated the attacks. A statement released on the embassy’s Facebook page on December 13 said: “Malicious activities in the information space contradict Russian foreign policy principles, national interests and our understanding of interstate relations”, adding: “Russia does not conduct offensive operations in the cyber domain.”

The hack took place over several months, probably starting in early March. The hackers reportedly entered the SolarWinds system – which monitors servers to prevent disruptions – through patch updates made by SolarWinds in March and June.

Because the hackers placed corrupted code in SolarWinds updates, at least 18,000 SolarWinds customers in the public and private sectors installed corrupted updates, according to U.S. intelligence agencies.

The hack was reported publicly last month after global cybersecurity firm FireEye detected the supply chain attack and said that its own networks had also been compromised.
