US intel agencies blame Russia for massive SolarWinds hack

A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.

The FBI, the Office of the Director of National Intelligence (ODNI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) attributed the effort to Russia. The group had set up a cyber unified coordination group in December after the compromise of SolarWinds was revealed.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said in a joint statement on their investigation into the cyber incident.


The agencies emphasized that “at this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

Reuters first reported last month that the Commerce and Treasury departments had been hacked as part of the attack on SolarWinds, which counts the majority of federal agencies and U.S. Fortune 500 companies as customers.

Since then, agencies including the Department of Homeland Security, the Department of Defense and the Energy Department’s National Nuclear Security Administration have confirmed they were affected by the attack, with hackers potentially present in these systems since March.

SolarWinds reported in a filing with the Securities and Exchange Commission last month that up to 18,000 of its customers had potentially been compromised.

The federal agencies on Tuesday noted that of the 18,000 public and private sector groups that used SolarWinds’s Orion software, which the hackers used to infiltrate networks, “fewer than ten U.S. government agencies” had been “compromised by follow-on activity in their systems.”

President Trump addressed the hack — among the worst cyber incidents in American history — in a tweet last month in which he questioned whether China was involved. Both the Chinese and Russian governments have denied involvement.


“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”

Both Secretary of State Mike Pompeo and former Attorney General William Barr have previously said they believed Russia was behind the cyber espionage incident, while President-elect Joe Biden described the hack as a “grave risk to our national security.”

Biden said last month that the attack had all the hallmarks of a Russian cyber operation, and urged Trump to officially designate the nation as behind the incident.

“It certainly fits Russia’s long history of reckless disruptive cyber activities, but the Trump administration needs to make an official attribution,” Biden said. “This assault happened on Donald Trump’s watch when he wasn’t watching. It’s still his responsibility as president to defend American interests for the next four weeks.”

Pompeo doubled down Tuesday on accusing Russia of hacking the SolarWinds software, telling Bloomberg News that the incident “was in fact a Russian operation,” though emphasizing that the U.S. constantly faces cyberattacks from other nations including China, North Korea and Iran.

The federal agencies described the incident Tuesday as “a serious compromise that will require a sustained and dedicated effort to remediate,” and vowed to “continue taking every necessary action to investigate, remediate, and share information with our partners and the American people.”

Some initial steps were taken to respond to the incident in December, with CISA issuing an emergency directive requiring all federal agencies to immediately disconnect from any SolarWinds products or software.

Federal agencies were not the only groups hit, with Microsoft confirming last week that the hackers had been able to view its source code, though not change anything, linking the attack to an unnamed nation state. 

Microsoft President Brad Smith wrote in a blog post published in December that the company had notified 40 customers that were targeted “more precisely” by the attackers, with these groups including government agencies, think tanks, IT groups and government contractors in the U.S. and around the world.

“This is not ‘espionage as usual,’ even in the digital age,” Smith wrote. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

Key leaders on Capitol Hill called for strong action Tuesday to investigate the incident following the agencies’ statement attributing the hack to Russia.

“Russia has long been an aggressive and malign actor in cyberspace, and this operation demonstrates their continued determination and capability to attack our networks and undermine our national security, just as they attacked our democracy in 2016,” House Intelligence Committee Chairman Adam Schiff (D-Calif.) said in a statement.


Schiff called for the federal government to step up efforts to protect its networks against cyberattacks, along with pushing for a higher level of cooperation with the private sector to prevent these types of incidents.

“There is likely much more to learn, and this is only the beginning of this necessary work. Congress will need to conduct a comprehensive review of the circumstances leading to this compromise, assess the deficiencies in our defenses, take stock of the sufficiency of our response in order to prevent this from happening again, and ensure that we respond appropriately,” Schiff said.

House Homeland Security Committee ranking member John Katko (R-N.Y.) also pushed for a response to the incident. The panel, alongside the House Oversight and Reform Committee, opened an investigation into the SolarWinds incident last month.

“The size and scope of this cyber attack highlight the need to drive operational and policy improvements in the cybersecurity arena,” Katko tweeted. “As the lead Republican on the Homeland Security Committee, this will be a top priority. The stakes are too high.”

Updated: 6 p.m.