US security agencies have said that Russia was likely behind a massive cyber espionage campaign uncovered late last year, contradicting earlier statements from President Donald Trump, who played down the possibility of Moscow’s involvement.
In a joint statement on Tuesday, the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the Office of the Director of National Intelligence described the motivation for the attacks as “an intelligence gathering effort”, rather than for the purpose of data manipulation or other more destructive efforts.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” they said, adding that the perpetrators were “likely Russian in origin”.
The hackers gained access to systems by hijacking software in March from SolarWinds, a Texas-based information technology company, which has said that some 18,000 of its government and private-sector clients globally may have been exposed.
The agencies on Tuesday said that “a much smaller number have been compromised by follow-on activity on their systems”. They identified “fewer than 10” US federal agencies falling into this category, and said they were “working to identify and notify the non-government entities who also may be impacted”.
So far, only the US commerce, energy and Treasury departments have acknowledged publicly that they were breached, together with a handful of companies, including Microsoft and FireEye.
The NSA has previously said the hackers in some instances posed as legitimate employees to move around undetected and tap sensitive information stored in the cloud.
The latest statement marks the first official attribution of the hack to a nation state, although the intelligence community and several politicians have said the attack bears the hallmarks of the SVR, Russia’s foreign intelligence service.
However, Mr Trump has previously claimed that the hack was being overhyped “in the fake news media”, adding in a tweet: “Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!).”
Russia has denied any involvement.
It will probably fall to the Biden administration to decide what, if any, response the US government should take against the hackers.
On Tuesday Adam Schiff, chairman of the House of Representatives intelligence committee, said in a statement: “Congress will need to conduct a comprehensive review of the circumstances leading to this compromise, assess the deficiencies in our defences, take stock of the sufficiency of our response in order to prevent this from happening again, and ensure that we respond appropriately.”
The agencies described the hack as “ongoing”, as investigators try to identify victims and eject the hackers from their systems once detected, which experts say could take months if not years.
“We are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” the agencies said.