FBI, NSA and CISA say SolarWinds hack was likely of Russian origin

padlock-cellphone.png

The SolarWinds attack likely came from Russia, the FBI has said.


CNET/Amanda Kooser

The SolarWinds hack has been identified as being “likely Russian in origin,” a joint statement from the FBI, NSA, Cybersecurity and Infrastructure Security Agency (CISA) and Office of the Director of National Intelligence (ODNI) said Tuesday. It’s the first time the four agencies have attributed the cyber attack to Russia.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” the statement said. “At this time, we believe this was, and continues to be, an intelligence gathering effort.”

Read more: SolarWinds hack continues to spread: What you need to know

US Secretary of State Mike Pompeo had said in a news interview last month that the SolarWinds attack was likely of Russian origin, but there had been no formal statement until now.

The joint statement added that of the 18,000 affected companies and agencies, only 10 US government agencies have been found so far to be “compromised by follow-on activity on their systems.”

The Cyber Unified Coordination Group, made up of the FBI, NSA, CISA and ODNI, continues to investigate the hack, which started in 2020 when hackers compromised IT management software from Austin, Texas-based company SolarWinds.

The breach reportedly included an email system used by senior leadership at the Treasury Department. 

source: cnet.com