US intel agencies blame Russia for massive SolarWinds hack

A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.

The FBI, the Office of the Director of National Intelligence (ODNI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) attributed the effort to Russia. The group had set up a cyber unified coordination group in December after the compromise of SolarWinds was revealed.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said in a joint statement around their investigation into the cyber incident.


The agencies emphasized that “at this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

Reuters first reported last month that the Commerce and Treasury departments had been hacked as part of the attack on SolarWinds, which counts the majority of federal agencies and U.S. Fortune 500 companies as customers.

Since then, agencies including the Department of Homeland Security, the Department of Defense and the Energy Department’s National Nuclear Security Administration have confirmed they were affected by the attack, with hackers potentially present in these systems since March.

SolarWinds reported in a filing with the Securities and Exchange Commission last month that up to 18,000 of its customers had potentially been compromised.

The federal agencies on Tuesday noted that of the 18,000 public and private sector groups that used SolarWinds’s Orion software, which the hackers used to infiltrate networks, “fewer than ten U.S. government agencies” had been “compromised by follow-on activity in their systems.”

President Trump addressed the hack — among the worst cyber incidents in American history — in a tweet last month in which he questioned whether China was involved. Both the Chinese and Russian governments have denied involvement.


“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”

Both Secretary of State Mike Pompeo and former Attorney General William Barr have previously said they believed Russia was behind the cyber espionage incident, while President-elect Joe Biden described the hack as a “grave risk to our national security.”

Biden said last month that the attack had all the hallmarks of a Russian cyber operation, and urged Trump to officially designate the nation as behind the incident.

“It certainly fits Russia’s long history of reckless disruptive cyber activities, but the Trump administration needs to make an official attribution,” Biden said. “This assault happened on Donald Trump’s watch when he wasn’t watching. It’s still his responsibility as president to defend American interests for the next four weeks.”

Pompeo doubled down Tuesday on accusing Russia of hacking the SolarWinds software, telling Bloomberg News that the incident “was in fact a Russian operation,” though emphasizing that the U.S. constantly faces cyberattacks from other nations including China, North Korea and Iran.

The federal agencies described the incident Tuesday as “a serious compromise that will require a sustained and dedicated effort to remediate,” and vowed to “continue taking every necessary action to investigate, remediate, and share information with our partners and the American people.”

Some initial steps were taken to respond to the incident in December, with CISA issuing an emergency directive requiring all federal agencies to immediately disconnect from any SolarWinds products or software.

Federal agencies were not the only groups hit, with Microsoft confirming last week that the hackers had been able to view its source code, though not change anything, linking the attack to an unnamed nation state. 

Microsoft President Brad Smith wrote in a blog post published in December that the company had notified 40 customers that were targeted “more precisely” by the attackers, with these groups including government agencies, think tanks, IT groups and government contractors in the U.S. and around the world.

“This is not ‘espionage as usual,’ even in the digital age,” Smith wrote. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

Key leaders on Capitol Hill called for strong action Tuesday to investigate the incident following the agencies’ statement attributing the hack to Russia.

“Russia has long been an aggressive and malign actor in cyberspace, and this operation demonstrates their continued determination and capability to attack our networks and undermine our national security, just as they attacked our democracy in 2016,” House Intelligence Committee Chairman Adam Schiff (D-Calif.) said in a statement.


Schiff called for the federal government to step up efforts to protect its networks against cyberattacks, along with pushing for a higher level of cooperation with the private sector to prevent these types of incidents.

“There is likely much more to learn, and this is only the beginning of this necessary work. Congress will need to conduct a comprehensive review of the circumstances leading to this compromise, assess the deficiencies in our defenses, take stock of the sufficiency of our response in order to prevent this from happening again, and ensure that we respond appropriately,” Schiff said.

House Homeland Security Committee ranking member John Katko (R-N.Y.) also pushed for a response to the incident. The panel, alongside the House Oversight and Reform Committee, opened an investigation into the SolarWinds incident last month.

“The size and scope of this cyber attack highlight the need to drive operational and policy improvements in the cybersecurity arena,” Katko tweeted. “As the lead Republican on the Homeland Security Committee, this will be a top priority. The stakes are too high.”

Updated: 6 p.m.