A cyber hack into federal and private sector networks that was disclosed late last year likely came from a threat actor in Russia, several U.S. government agencies said on Tuesday, the first time the government has indicated that Russia may have been involved in the incident.
The statement also says that the ongoing hack appears to be aimed at gathering intelligence.
"This work indicates that and Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," says a joint statement by the FBI, Department of Homeland Security Cybersecurity and Infrastructure Security Agency, the Office of the Director of National Intelligence (ODNI), and the National Security Agency. "At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly."
The hack was first reported on Dec. 9 by the cyber security firm FireEye [FEYE], which said the sophisticated nature of the intrusion was likely committed by a nation-state with high-end offensive cyber capabilities. Subsequent reports said that a Russian intelligence service was behind the cyber intrusion.
At the federal level the ongoing cyber incident is being investigated by the Cyber Unified Coordination Group (UCG), a task force set up by the White House National Security Council that includes the FBI, CISA and ODNI with support from the NSA.
The hackers gained entry into federal and private computer networks via software provided by a Texas-based network management company, SolarWinds [SWI]. The joint statement says that of 18,000 SolarWinds' customers that have the company's Orion products, "a much smaller number has been compromise by follow-on activity on their systems." It also says that so far "fewer than 10 U.S. government agencies fall into this category, and we are working to identify the nongovernment entities who also may be impacted."