US intel agencies blame Russia for massive SolarWinds hack

A group of U.S. intelligence agencies on Tuesday formally accused Russia of being linked to the recently discovered hack of IT group SolarWinds that compromised much of the federal government.

The FBI, the Office of the Director of National Intelligence (ODNI), the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) attributed the effort to Russia. The group had set up a cyber unified coordination group in December after the compromise of SolarWinds was revealed.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the agencies said in a joint statement around their investigation into the cyber incident.


The agencies emphasized that “at this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”

Reuters first reported last month that the Commerce and Treasury departments had been hacked as part of the attack on SolarWinds, which counts the majority of federal agencies and U.S. Fortune 500 companies as customers.

Since then, agencies including the Department of Homeland Security, the Department of Defense and the Energy Department’s National Nuclear Security Administration have confirmed they were affected by the attack, with hackers potentially present in these systems since March.

SolarWinds reported in a filing with the Securities and Exchange Commission last month that up to 18,000 of its customers had potentially been compromised.

The federal agencies on Tuesday noted that of the 18,000 public and private sector groups that used SolarWinds’s Orion software, which the hackers used to infiltrate networks, “fewer than ten U.S. government agencies” had been “compromised by follow-on activity in their systems.”

President Trump addressed the hack — among the worst cyber incidents in American history — in a tweet last month in which he questioned whether China was involved. Both the Chinese and Russian governments have denied involvement.


“The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control,” Trump tweeted. “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”

Both Secretary of State Mike Pompeo and former Attorney General William Barr have previously said they believed Russia was behind the cyber espionage incident, while President-elect Joe Biden described the hack as a “grave risk to our national security.”

Biden said last month that the attack had all the hallmarks of a Russian cyber operation, and urged Trump to officially designate the nation as behind the incident.

“It certainly fits Russia’s long history of reckless disruptive cyber activities, but the Trump administration needs to make an official attribution,” Biden said. “This assault happened on Donald Trump’s watch when he wasn’t watching. It’s still his responsibility as president to defend American interests for the next four weeks.”

Pompeo doubled down Tuesday on accusing Russia of hacking the SolarWinds software, telling Bloomberg News that the incident “was in fact a Russian operation,” though emphasizing that the U.S. constantly faces cyberattacks from other nations including China, North Korea and Iran.

The federal agencies described the incident Tuesday as “a serious compromise that will require a sustained and dedicated effort to remediate,” and vowed to “continue taking every necessary action to investigate, remediate, and share information with our partners and the American people.”

Some initial steps were taken to respond to the incident in December, with CISA issuing an emergency directive requiring all federal agencies to immediately disconnect from any SolarWinds products or software.

Federal agencies were not the only groups hit, with Microsoft confirming last week that the hackers had been able to view its source code, though not change anything, linking the attack to an unnamed nation state. 

Microsoft President Brad Smith wrote in a blog post published in December that the company had notified 40 customers that were targeted “more precisely” by the attackers, with these groups including government agencies, think tanks, IT groups and government contractors in the U.S. and around the world.

“This is not ‘espionage as usual,’ even in the digital age,” Smith wrote. “Instead, it represents an act of recklessness that created a serious technological vulnerability for the United States and the world.”

Key leaders on Capitol Hill called for strong action Tuesday to investigate the incident following the agencies’ statement attributing the hack to Russia.

“Russia has long been an aggressive and malign actor in cyberspace, and this operation demonstrates their continued determination and capability to attack our networks and undermine our national security, just as they attacked our democracy in 2016,” House Intelligence Committee Chairman Adam Schiff (D-Calif.) said in a statement.


Schiff called for the federal government to step up efforts to protect its networks against cyberattacks, along with pushing for a higher level of cooperation with the private sector to prevent these types of incidents.

“There is likely much more to learn, and this is only the beginning of this necessary work. Congress will need to conduct a comprehensive review of the circumstances leading to this compromise, assess the deficiencies in our defenses, take stock of the sufficiency of our response in order to prevent this from happening again, and ensure that we respond appropriately,” Schiff said.

House Homeland Security Committee ranking member John Katko (R-N.Y.) also pushed for a response to the incident. The panel, alongside the House Oversight and Reform Committee, opened an investigation into the SolarWinds incident last month.

“The size and scope of this cyber attack highlight the need to drive operational and policy improvements in the cybersecurity arena,” Katko tweeted. “As the lead Republican on the Homeland Security Committee, this will be a top priority. The stakes are too high.”

Updated: 6 p.m.