US government blames Russia for SolarWinds hack

The US government has accused Russia of being behind the recent SolarWinds attack, which is considered to be among the most significant of 2020.

On Tuesday, four US security agencies, all members of a task force set up specifically to investigate the SolarWinds attack, issued a joint statement claiming the attack was “likely Russian in origin”.

The agencies in question are the FBI, NSA, CISA (Cybersecurity and Infrastructure Security Agency) and ODNI (Office of the Director of National Intelligence), which together form the Cyber Unified Coordination Group (UCG).

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the statement reads.

“At this time, we believe this was, and continues to be, an intelligence gathering effort.”

Commentators have suggested the statement is important for two reasons. First, it addresses public criticism of President Trump, who had refrained from blaming Russia. Second, it describes the attack as an “intelligence gathering effort”, which should rule out theories that the goal of the attack was to tamper with voting machines and facilitate election fraud.

The statement does not name names, but experts claim cybercriminal syndicate APT29, linked with multiple previous high-profile breaches, could be behind the attack.

The group responsible used a compromised Office 365 account to breach SolarWinds’ network and plant malicious code into a patch for its Orion software. A total of 18,000 businesses and government agencies downloaded the patch.

The goal was for the patch to act as a gate-opener, allowing the attackers to install second-stage malware known as Teardrop. According to the statement, “fewer than ten US government agencies” were targeted with Teardrop.

To add insult to injury, SolarWinds’ shareholders have also filed a lawsuit against the company’s leaders, arguing that they knew about the breach and did not disclose it to investors.

They also claim SolarWinds’ cybersecurity practices were not up to industry standards, and that the company even used a server password of “solarwinds123”.

Investors are seeking damages for “reasonable costs and expenses incurred”, as well as lawyer fees and court costs, against the company.

Sead Fadilpašić

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years’ experience writing technology-focused news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead’s experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.