US intelligence and law enforcement agencies said Tuesday that Russia was probably behind the massive SolarWinds hack that has shaken government and corporate security, contradicting President Donald Trump, who had suggested China could be to blame.
A joint statement by the FBI, Directorate of National Intelligence, the National Security Agency, and Cybersecurity and Infrastructure Security Agency outlined their findings in what experts have called the most devastating break in US computer security in years.
Their investigation "indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," they said.
Trump, who over four years has steadfastly avoided criticising Moscow, has refused to finger Russia in the hacking case.
"Russia, Russia, Russia is the priority chant when anything happens," he tweeted about the hack in December, adding that the media were, "for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)."
The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of....— Donald J. Trump (@realDonaldTrump) December 19, 2020
Both Secretary of State Mike Pompeo and then-Attorney General Bill Barr have also previously pointed to Moscow as the culprits.
Some 18,000 public and private customers of SolarWinds would be vulnerable to the hack, the statement said.
But it said that out of that number, "a much smaller number have been compromised by follow-on activity on their systems."
So far investigators have found less than 10 US government agencies whose systems were compromised, the statement said.
The statement did not identify which agencies. But some have admitted they were targets, including the State Department, Commerce Department, Treasury, Homeland Security Department, Defense Department, and the National Institutes of Health.
The intrusion, which began earlier this year, only became public in December, revealed by private security consultants.
It sparked concerns that those behind it may have been able to access highly classified government secrets.
The three agencies said that they believe the hack "was, and continues to be, an intelligence gathering effort," rather than an effort to steal corporate secrets or wreak damage on IT systems.
"This is a serious compromise that will require a sustained and dedicated effort to remediate," they said.
The wording in the attribution, that it was "likely" a breach by Russians, came under fire from a senior lawmaker who had already been briefed by US intelligence in December on it.
"It's unfortunate that it has taken over three weeks after the revelation of an intrusion this significant for this Administration to finally issue a tentative attribution," said Senator Mark Warner, vice chairman of the Senate Intelligence committee.
"I would hope that we will begin to see something more definitive," he said.
"We need to make clear to Russia that any misuse of compromised networks to produce destructive or harmful effects is unacceptable and will prompt an appropriately strong response."
What will be the most exciting tech launch of 2021? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts, Google Podcasts, or RSS, download the episode, or just hit the play button below.