A Russian Advanced Persistent Threat group is likely behind the recent cyberattacks on government and non-government networks for intelligence gathering purposes, according to federal officials.
The Cyber Unified Coordination Group (UCG) announced Tuesday that nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious update to their SolarWinds Orion network monitoring platform. The UCG said it’s also working to identify and notify the non-government entities that experienced follow-on activity on their systems.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the UCG said in a joint statement. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”
Official attribution of the SolarWinds attack to Russia is consistent with most previous statements by federal officials as well as media reports. The Washington Post on Dec. 13 became the first entity to attribute the campaign to hackers affiliated with the Russian foreign intelligence service, also known as APT29 or Cozy Bear.
Then on Dec. 15, U.S. Sen. Richard Blumenthal, D-Conn., backed the Post’s claims, tweeting “Stunning. Today’s classified briefing on Russia’s cyberattack left me deeply alarmed, in fact downright scared.” Three days later, Secretary of State Mike Pompeo became the first Trump administration official to blame Russia, stating “we can say pretty clearly that it was the Russians that engaged in this