Russia is suspected to be behind a sustained cyber campaign against multiple U.S. government agencies by compromising a piece of software from SolarWinds.

Wei Shi

December 18, 2020

Russia implicated in massive cyber-attacks on American government agencies

Russian intelligence service is suspected to be behind a sustained cyber campaign against multiple U.S. government agencies by compromising a piece of software from SolarWinds.

SolarWinds, the Texas-based, NYSE-listed company that provides the widely used network monitoring software Orion Platform, filed a Form 8-K at the SEC, admitting that “a cyberattack that inserted a vulnerability within its Orion monitoring products” has taken place, as a result of “a highly sophisticated, targeted and manual supply chain attack by an outside nation state”.

While SolarWinds said it has not “independently verified the identity of the attackers”, sources told The Washington Post that the Russian hacker group nicknamed APT29 or Cozy Bear, which is part of Russia’s foreign intelligence service, the SVR, is likely to be behind the attacks.

According to SolarWinds’ own inspection, the breach happened between March and June this year, when hackers managed to acquire superuser access to SolarWinds software updates released during this period. Hackers could then gain privileged access to customers’ networks and spy on them unnoticed. SolarWinds said fewer than 18,000 of its customers have been affected.

According to Bloomberg, the compromised American government agencies included the Departments of Defense, State, Treasury, Energy, Homeland Security, and Commerce, as well as the National Nuclear Security Administration, though officials told Bloomberg that “the malware was isolated to business networks and didn’t affect national security functions.”

In the latest development, Microsoft said it has also found the malicious software in its own environment, though, its spokesman reassured customers, it has been “isolated and removed”. In a blog post, Brad Smith, Microsoft’s President, said Microsoft’s Defender Anti-Virus software has identified customers who installed the compromised SolarWinds software, and that the attackers have “created a supply chain vulnerability of nearly global importance, reaching many major national capitals outside Russia.”

More than 80% of the Microsoft customers that the attackers compromised, numbering over 40 according to Smith, are located in the US; the rest are in Canada, Mexico, Belgium, Spain, the UK, Israel, and the UAE.

Russia denied the allegations. “We declare responsibly: malicious activities in the information space contradicts the principles of the Russian foreign policy, national interests and our understanding of interstate relations. Russia does not conduct offensive operations in the cyber domain,” the Russian embassy in the US said on Facebook, as quoted by the news agency TASS.

About the Author(s)

Wei Shi

Wei leads the Telecoms.com Intelligence function. His responsibilities include managing and producing premium content for Telecoms.com Intelligence, undertaking special projects, and supporting internal and external partners. Wei’s research and writing have followed the heartbeat of the telecoms industry. His recent long form publications cover topics ranging from 5G and beyond, edge computing, and digital transformation, to artificial intelligence, telco cloud, and 5G devices. Wei also regularly contributes to the Telecoms.com news site and other group titles when he puts on his technology journalist hat. Wei has two decades’ experience in the telecoms ecosystem in Asia and Europe, both on the corporate side and on the professional service side. His former employers include Nokia and Strategy Analytics. Wei is a graduate of The London School of Economics. He speaks English, French, and Chinese, and has a working knowledge of Finnish and German. He is based in Telecom.com’s London office.
