UK and US blame Russian intelligence service for SolarWinds cyber strike
Written by Finbarr Toesland Tue 27 Apr 2021
US Treasury declares SolarWinds attack “national security concern”
According to the US and UK, Russia’s Foreign Intelligence Service (SVR) was responsible for last year’s major SolarWinds cyber attack.
An estimated 18,000 companies around the world, including multiple government agencies, downloaded and installed an update for the SolarWinds Orion program that included malware.
A joint cybersecurity advisory released by the NSA, FBI and Cybersecurity & Infrastructure Security Agency (CISA) pointed to Russian state-sponsored cyber actors as being behind the highly sophisticated cyberattack.
The UK’s National Cyber Security Centre also believe it is “highly likely Russia’s Foreign Intelligence Services are responsible for the compromise of SolarWinds software, Orion, and subsequent targeting,” according to a Foreign, Commonwealth & Development Office (FCDO) press release.
In response to the cyberattack, the FCDO summoned the Russian Ambassador and US President Joe Biden introduced a new wave of sanctions against 32 Russian entities and officials, in addition to expelling 10 diplomats.
The US Treasury released a list of Russian technology companies they say support the Russian intelligence services. Positive Technologies and Neobit are two of the firms that appear on the list, with the former accused of “supporting Russian Government clients, including the FSB,” as well as hosting “large-scale conventions that are used as recruiting events for the FSB and GRU.”
This is not the first time the Russian Intelligence Services have been accused of conducting malicious cyber activity. The Federal Security Service (FSB) and Russia’s Main Intelligence Directorate (GRU) were sanctioned in both 2016 and 2018 for their apparent role in cyberattacks. The sheer scale of the SolarWinds compromise, combined with Russia’s history of damaging cyber operations, makes this a “national security concern”, according to the US Treasury.
“The SVR has put at risk the global technology supply chain by allowing malware to be installed on the machines of tens of thousands of SolarWinds’ customers. Victims of the compromise include the financial sector, critical infrastructure, government networks, and many others. Further, this incident will cost businesses and consumers in the United States and worldwide millions of dollars to fully address,” says the press release.