US intelligence agencies have said they believe Russia was behind the “serious” cyber compromise revealed in December.
President Trump had previously suggested China might have been behind the hack, although other members of his administration had pointed the finger at Moscow.
In a joint statement, the intelligence bodies say they currently believe fewer than 10 US government agencies saw their data compromised, although other organisations outside of government were also affected.
They say work is still going on to understand the scope of the incident, which appears to have been aimed at gathering intelligence and which they say is “ongoing” a month after details first emerged.
The update on the investigation came in a statement from a task force called the Cyber Unified Coordination Group which was set up to deal with the incident. It comprises intelligence and law enforcement agencies including the FBI and NSA.
The group said it was still working to understand the scope of what had taken place.
Eighteen thousand customers who used Orion product from the company Solar Winds were exposed but US intelligence says it believes a much smaller number saw follow-on activity from the hackers in which they stole data. The US Treasury was among those which previously acknowledged being targeted.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the statement said. Many organisations are having to scour their systems for signs that they may have been compromised.
The incident sent shockwaves across the US partly because the breach was undiscovered for many months and was potentially far-reaching in terms of who it might have affected. It also suggested a degree of sophistication and stealth which was widely seen as a trademark of hackers from the SVR, Russia’s foreign intelligence agency.
Soon after the incident was revealed, President Trump raised the possibility that China might be responsible, but members of his own administration including the secretary of state and attorney general pointed the finger at Moscow. The latest statement shows the assessment of US intelligence agencies is that Russia was behind it, although it does not go so far as accusing the Russian state itself, saying only that the actor was “likely Russian in origin”. Moscow has denied playing any part.
President-elect Joe Biden has previously said it was important to take “meaningful steps” to hold those responsible to account. It is not yet clear, though, what that might involve. While some US politicians suggested the breach might even be compared to an “act of war”, most cyber-experts disputed this and the US intelligence community has now played down suggestions that it could have had destructive impact.
“At this time, we believe this was, and continues to be, an intelligence-gathering effort,” the latest statement says. This is significant since it suggests no evidence has been found that this was preparatory activity for a more destructive cyber-attack which might switch off systems. This may limit the US response since espionage operations do not breach the cyber norms the US itself promotes (largely because it too carries out such intelligence-gathering operations against other nations).
In December UK officials say they believed a small number of UK organisations were affected but said they did not believe they were in the public sector.