U.S. government agencies investigating a sophisticated espionage operation that uses tampered software made by SolarWinds said for the first time Tuesday that the hacking is “likely Russian in origin,” calling it “a serious compromise that will require a sustained and dedicated effort to remediate.”
The statement from multiple federal agencies — one of the most detailed official comments yet from investigators — also indicated that the espionage operation was targeted. While the malicious software update went to some 18,000 government and private-sector customers, U.S. officials said “a much smaller number have been compromised by follow-on activity on their systems.” That includes “fewer than” 10 U.S. government agencies, said the statement from the FBI, the Cybersecurity and Infrastructure Security Agency, the Office of the Director of National Intelligence and the National Security Agency.
The alleged Russian hacking operation has roiled Washington, prompting investigations on Capitol Hill and federal cybersecurity officials to work over the holidays to determine the scope of the breach. The apparent espionage campaign is likely to be a big early test for cybersecurity policy in the presidency of Joe Biden, who has vowed a response. “Cyberattacks must be treated as a serious threat by our leadership at the highest level,” Biden said in December.
A handful of U.S. officials, including Secretary of State Mike Pompeo, had previously suggested Russia could be involved in the hack, but the interagency group investigating the incident had yet to do so. President Donald Trump has baselessly suggested China might be involved.
Russia-linked hackers’ history of alleged destructive behavior in cyberspace, including cyberattacks that cut power in Ukraine, had prompted some concerns about the intent of the SolarWinds operation. The software is widely used in industrial organizations. However, U.S. investigators said Tuesday that the hacking “was, and continues to be, an intelligence gathering effort.”
The attackers behind the SolarWinds campaign have also challenged the defenses of America’s biggest tech and cybersecurity firms. The attackers were able to view Microsoft’s source code, and they stole the security tools that FireEye uses to test its clients’ defenses.