The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA), joined in the Cyber Unified Coordination Group (UCG), said that their investigation “indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin,” has been behind one of the most devastating breaches of the U.S. computer security.
“At this time, we believe this was, and continues to be, an intelligence gathering effort, and we are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” the UCG stated.
The agencies added that they believe that, of the approximately 18,000 affected public and private sector customers of SolarWinds’ Orion products, a “much smaller number has been compromised by follow-on activity on their systems.”
The U.S. Justice Department, with its more than 100,000 staffers across a range of law enforcement agencies such as the FBI or the Drug Enforcement Agency (DEA), on Wednesday announced that its Office 365 mailboxes were potentially accessed.
“On Dec. 24, 2020, the Department of Justice’s Office of the Chief Information Officer (OCIO) learned of previously unknown malicious activity linked to the global SolarWinds incident that has affected multiple federal agencies and technology contractors,” the department said in a statement.
It added that “the number of potentially accessed O365 mailboxes appears limited to around 3 percent.” The department has no indication that any classified systems were impacted, according to DoJ spokesman, Marc Raimondi.
The UCG warned that the SolarWind breach is “a serious compromise that will require a sustained and dedicated effort to remediate.”
Mike Pompeo, the U.S. Secretary of State, was the first high official who warned about the breach, directly blaming Russians for the cyber attack.
“This was a very significant effort and I think it is the case now that we can say pretty clearly that it was the Russians,” Pompeo told ABC News in December.
U.S. President Donald Trump, however, downplayed the impact of the SolarWind breach, saying that China was more likely responsible for the attack.
“Russia, Russia, Russia is the priority chant when anything happens,” Trump tweeted, reacting to Pompeo’s statement, suggesting the possibility of China’s responsibility.
He also claimed that the SolarWind hack was a hit on the U.S. “ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the U.S.A.”
