The U.S. government said January 5 that Russia was “likely” behind a massive hack of government and private company networks. The investigation has indicated that a Russian hacker is behind the government compromise.
Top U.S. officials have suggested Russian intelligence agency hackers are behind the operation. Moscow denies these accusations.
President Trump has downplayed the seriousness and impact of the cyberattack. Instead, he suggest China may have been behind the breach.
But the January 5 official statement was the first one accusing Russia by the Trump administration. It also provided a partial answer to what the hackers intend to do with the information. Their goal appears to be intelligence gathering versus targeting infrastructure.
The breach began in March when hackers put malicious code into updates in SolarWinds software. The government and thousands of businesses and entities use this software.
This was first discovered in December 2020 when cybersecurity firm FireEye found the breach in the security firm.
The U.S. government said approximately 18,000 sector customers of SolarWinds’ Orion product were affected. Yet, investigators have determined a “smaller number” were affected by follow-on activities.
“We have so far identified fewer than 10 U.S. government agencies that fall into this category. They are working to identify the non-government entities who also may be harmed,” the statement said.
“This is a serious compromise that will need a sustained and dedicated effort to remediate,” it added.
There was no mention of which specific U.S. government agencies remain compromised. Among those known to have been targeted include Treasury, Commerce, State, Homeland Security, and Defense.
More updates to come.