The U.S. government said January 5 that Russia was “likely” behind a massive hack of government and private company networks discovered last month, and that the intrusion was an “intelligence-gathering effort.”
In a joint statement issued by the director of national intelligence, the FBI, and other investigative agencies, the U.S. government said it was still trying to understand the scope of, and mitigate, a “significant cyber incident” involving federal government networks.
The investigation has so far indicated that a threat actor “likely Russian in origin” is behind what federal authorities described as an “ongoing” compromise of both government and nongovernmental networks.
“At this time, we believe this was, and continues to be, an intelligence-gathering effort,” the statement said.
Top U.S. officials including Secretary of State Mike Pompeo have previously suggested Russian intelligence agency hackers are behind the sophisticated operation, which Moscow has denied.
U.S. President Donald Trump has downplayed the seriousness and impact of the cyberattack, while casting doubt on whether Russia is responsible. Instead, he contradicted his own officials and experts by suggesting China may have been behind the breach.
But the January 5 official statement was the first from the Trump administration to formally accuse Russia.
It also provided a partial answer to the open question of what the hackers intend to do with the information, by clarifying that their goal appears to be intelligence gathering rather than a destructive act such as targeting infrastructure.
The massive breach began as early as March 2020, when hackers slipped malicious code into updates to SolarWinds’ Orion software, which is used by the government and thousands of businesses and other entities. The intrusion was first discovered in December 2020 by cybersecurity firm FireEye, which uncovered it after the security firm itself was targeted.
In the statement, the U.S. government said approximately 18,000 public and private sector customers of SolarWinds’ Orion product had been affected.
However, investigators have determined a “much smaller number” have been impacted by follow-on activities.
“We have so far identified fewer than 10 U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted,” the statement said.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” it added.
There was no mention of which specific U.S. government agencies remain potentially compromised, but those known to have been targeted include the departments of Treasury, Commerce, State, Homeland Security, and Defense.