Side view of the colorful St. Basil's Cathedral in Moscow on the Red Square in front of the Kremlin, Russia.
Hackers working for the Russian government were "likely" behind the software supply chain attack that opened a back door into the networks of 180,000 private companies and government agencies, officials from the US National Security Agency and three other agencies said Tuesday.
The assessment, which was made in a joint statement from the FBI, the Cybersecurity and Infrastructure Security Agency, and the Office of the Director of National Intelligence, found that the hacking campaign is a "serious compromise that requires a sustained and dedicated effort to remediate."
Russia, Russia, Russia
The statement contradicts tweets from US President Donald Trump denying the involvement of the Russian government and downplaying the severity of the attack, which compromised the software distribution system of Austin, Texas-based SolarWinds and used it to push a malicious update to nearly 200,000 of its customers.
"The cyber hack is far bigger in the fake news media than it is in reality," Trump wrote in a Twitter thread last month. "I was fully informed and everything is well under control. Russia, Russia, Russia is the primary chant if something happens because Lamestream is petrified, largely for financial reasons, to discuss the possibility that it could be (it could be!) China."
The cyber hack is far bigger in the fake news media than it is in reality. I have been fully informed and everything is well under control. Russia, Russia, Russia is the primary chant when something happens because Lamestream is petrified by largely financial reasons …
– Donald J. Trump (@realDonaldTrump) December 19, 2020
There was no mention of China in Tuesday's statement. Instead, it said that the agencies' investigations so far indicate that the hack was a Kremlin-sponsored espionage operation.
"This work shows that an Advanced Persistent Threat (APT) actor, likely of Russian origin, is responsible for most or all of the recently discovered persistent cyber compromises of both government and non-government networks," officials wrote. "At this point, we believe this was and will be an information-gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly."
The statement is the second time Trump has been contradicted by people working under his administration. Secretary of State Mike Pompeo has also said that Russia is "pretty clearly" behind the hack.
Since the mass compromise was announced three weeks ago, investigators in both the public and private sectors have struggled to find out who is behind the hack, who is infected, and what motivates the hackers.
SolarWinds, a network management software company, was the source of the figure that 180,000 companies installed the backdoored update. Since then, researchers elsewhere have found that only a subset of these organizations received a follow-up attack that installed additional malware through the backdoor to dig much deeper into their networks.
So far, the agencies have "identified fewer than ten US government agencies that fall into this category and are working to identify and notify the non-governmental organizations that may also be affected." The agencies were not named in Tuesday's joint statement. Previous media reports cited the Defense, State, Treasury, Commerce, Homeland Security, Agriculture and Energy Departments as victims, but not all reports explicitly state that these agencies received the follow-up attack.
On December 31, Microsoft announced that the hackers had used the back door into its network to view source code, and that the company's researchers were investigating further. The entire campaign came to light after FireEye, one of the world's leading security companies, announced it had been breached. The security company CrowdStrike has since announced that it was also targeted, although that attempt failed.
The failure of the NSA and other federal agencies to expose the month-long hacking operation against some of the most sensitive government agencies and private companies was a major embarrassment. Tuesday's statement suggests agencies are still struggling to contain and assess the damage caused.
Regardless of how Trump receives Tuesday's assessment, it sets the stage for new President Joe Biden, who attacked Trump for downplaying the hack.