U.S. Says Russia ‘Likely’ Behind SolarWinds Hack

Philip Bader, Cybersecurity

Security analysts have long agreed that the SolarWinds hack first reported last month was the work of Russian operatives. Now it seems key U.S. officials agree. A recent statement issued on behalf of four U.S. agencies asserted that the attack was likely Russian in origin and remains ongoing.

The statement was issued in the name of the FBI, the Cybersecurity and Infrastructure Security Agency, the Office of the Director of National Intelligence, and the National Security Agency. It described the attack as “an intelligence gathering effort” that initially affected about 18,000 government and non-government customers.

A much smaller number of public and private customers suffered what the statement called “follow-on activities,” and fewer than 10 U.S. government agencies were among that number. The attack was nonetheless considered serious enough for CISA to direct all federal civilian agencies running SolarWinds Orion to disconnect or power down the affected products, or to upgrade them to a patched release before continuing to use them.
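An operator acting on that directive first needs to know where SolarWinds software is installed, which version is present, and what the shipped binaries hash to. The PowerShell script below is an added example written for this page; it is not part of the CISA directive or of SolarWinds' own tooling. It assumes the default Orion install directory shown in the `$OrionRoot` parameter and that the relevant Windows services are named with a `SolarWinds` prefix; both are assumptions and may need adjusting for a given deployment.

```powershell
# Added example (not from the CISA directive or the article): inventory SolarWinds
# software on a Windows host so an operator can decide whether to upgrade or disconnect.
# Assumptions: $OrionRoot is the default install path; service names start with "SolarWinds".
param(
    [string]$OrionRoot  = 'C:\Program Files (x86)\SolarWinds\Orion',   # assumed default path
    [string]$ReportPath = "$env:TEMP\solarwinds-inventory.csv"
)

# 1. Installed products, read from the uninstall registry keys.
#    (Win32_Product is avoided: it is slow and triggers MSI consistency repairs.)
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$products = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*SolarWinds*' } |
    Select-Object DisplayName, DisplayVersion, InstallDate

# 2. Services, so a "suspend use" decision can be acted on immediately (Stop-Service).
$services = Get-Service -Name 'SolarWinds*' -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# 3. Version, SHA-256 and Authenticode status of every DLL/EXE under the Orion tree.
#    The hash column is what gets compared against vendor-published values; the
#    signature column is recorded for context only (see the note after the script).
$files = @()
if (Test-Path -Path $OrionRoot) {
    $files = Get-ChildItem -Path $OrionRoot -Recurse -Include '*.dll', '*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path      = $_.FullName
                Version   = $_.VersionInfo.FileVersion
                SHA256    = (Get-FileHash -Algorithm SHA256 -Path $_.FullName).Hash
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                Modified  = $_.LastWriteTimeUtc
            }
        }
}

$products | Format-Table -AutoSize
$services | Format-Table -AutoSize
$files | Export-Csv -Path $ReportPath -NoTypeInformation
Write-Host "Wrote $($files.Count) file records to $ReportPath"
```

Run it in an elevated session on each suspected host and compare the `SHA256` column with hashes published by the vendor or by CISA. Do not treat a `Valid` value in `SigStatus` as clearing a file: the trojanized Orion builds carried SolarWinds' own legitimate code-signing certificate, so a good signature only tells you the file came through the vendor's build pipeline, which is exactly where the compromise occurred.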

Political Fallout Mounts Over Attack Response

The joint statement is at odds with some earlier comments from the administration. Earlier last month, Secretary of State Mike Pompeo named Russia as the likely culprit in the attack. But days later, President Trump suggested that China might be responsible. As more details emerge about the attacks, the scope and potential damage become clearer.

A BBC report from last month listed several government departments targeted in the SolarWinds attack. These included the departments of Treasury, Homeland Security, State, Defense, and Commerce. The National Institutes of Health were also compromised in the attack, which analysts now say first began back in March 2020.

In a sign of growing concern about the U.S. response to the attack, the White House dismissed CISA’s Director of Public Affairs Sara Sendek this week, according to a report in the Wall Street Journal. Sendek is the second high-ranking CISA official to be dismissed. President Trump fired the former director Christopher Krebs in November last year.

Putting the Pieces Together

Security analysts are concerned that the extent of the damage done by the SolarWinds hack has yet to be fully understood. Microsoft recently said that some of its source code repositories had been accessed in the SolarWinds hack. The company added, though, that the security of its products did not depend on the secrecy of its source code.

Microsoft, like thousands of other government, energy, and telecom organizations, was a downstream victim of a supply-chain attack on SolarWinds that inserted a backdoor, now called Sunburst, into the company's Orion software updates. Because the tampering happened inside SolarWinds' own build process, the trojanized updates carried the vendor's legitimate code signature, so customers' normal update checks did not flag them. The code was added at some time between March and June 2020, according to SolarWinds. Once installed it lay dormant for a period before contacting attacker-controlled infrastructure, which let the operators choose which victims to pursue through the back door it created.

The long period between infection and detection meant attackers were able to gather information from public and private entities without being noticed. What they were able to see and collect has security researchers worried. They say it could be years before we know just how successful the attackers have been.

Enduring Threats from Nation-State Attacks

Digital attacks by nation states have increased dramatically in the last decade. As a report from the security firm FireEye put it: “Once limited to opportunistic criminals, cyber attacks are becoming a key weapon for governments seeking to defend national sovereignty and project national power.” FireEye itself was the target of a recent nation-state attack attributed to Russian actors. Its investigation of that intrusion led to the discovery of the SolarWinds hack.

The Washington, D.C.-based think tank Center for Strategic and International Studies maintains a timeline of nation-state cyberattacks. In December 2020 alone, CSIS documented 10 attacks from actors linked to Russia, China, Iran, and Vietnam. Several other attacks, including attempts to infiltrate the supply chain for COVID-19 vaccines, were thought to be carried out by unidentified state-sponsored actors.

Cyberattacks of all types remain a significant and growing threat. Some are as simple as email phishing schemes. Others, like the SolarWinds hack, are sophisticated and potentially devastating to national security. SecureData knows how difficult it is to protect yourself from the many different pathways of attack. That’s why we offer a suite of security options that work together to provide a comprehensive data security plan.

Offline encrypted backups with SecureDrive® external storage devices, a Remote Management (RM) License for total control over where and when data is accessed, and SecureGuard USB Data Loss Prevention solution are just some of the ways SecureData gives you total control over your most sensitive information. Call us now at 1-800-520-1677 to learn more.