The US government says hackers “likely to be Russian in origin” are responsible for breaching the networks of at least 10 US federal agencies and several major tech companies, including FireEye and Microsoft.
In a joint statement published on Tuesday, the FBI, the NSA and Homeland Security’s cybersecurity advisory unit CISA said the government was “still working to understand the scope” of the breach, but that the breaches are likely “intelligence aggregation efforts”.
The statement did not name the agencies, but the Treasury, the State Department and the Department of Energy are among those affected.
News of the extensive espionage operation came to light in early December after cybersecurity giant FireEye, generally the first company that cyberattack victims call, found that its own network had been breached. Shortly thereafter, it was reported that several government agencies had also been infiltrated.
All of the victims are customers of the American software firm SolarWinds, whose Orion network management tools are used across the US government and Fortune 500 companies. FireEye said that hackers broke into SolarWinds’ network and pushed a tainted software update to its customers, allowing the hackers to easily break into any of thousands of networks.
Some 18,000 customers downloaded the backdoored software update, but the government’s joint statement said they believed “a very small number of their systems have been compromised by follow-on activity.”
Several news outlets have reported that the hack was carried out by a Russian intelligence group known as APT 29, or Cozy Bear, which has been linked to several espionage-driven attacks, including attempts to steal coronavirus vaccine research. Tuesday’s joint statement is the first time the government has acknowledged the possible culprit behind the campaign.
Russia has previously denied involvement in the hack.