The Tuesday statement, issued by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA), said fewer than 10 US government agencies had been compromised through the hacking of SolarWinds' Orion software.
According to their statement, "an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks."
"At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly," the agencies added. "This is a serious compromise that will require a sustained and dedicated effort to remediate."
The series of hack attacks was first reported last month after hackers managed to penetrate SolarWinds' Orion software, which was used by several major US government agencies and many Fortune 500 companies. CISA quickly directed US government agencies as well as private users to stop using SolarWinds' products, but not before the hackers had penetrated the US Departments of Homeland Security and Commerce and the US Treasury, and had viewed Microsoft's source code in the process, the company said.
The US government then established the Cyber Unified Coordination Group (UCG) to investigate the incident. The UCG continues to work to understand the scope of the attack and currently believes that a small number of the SolarWinds clients were affected. The UCG said it believes that intelligence gathering was the main purpose of the attack.
Early accusations quickly pointed at Russia, with US Secretary of State Mike Pompeo saying on December 18 that Russia was "pretty clearly" responsible, and US President-elect Joe Biden saying his forthcoming administration would consider sanctioning Moscow as punishment.
In response, Kremlin spokesperson Dmitry Peskov said Russia had no part in the hacking operations and that the accusations were "unfounded" and the result of "blind Russophobia."
The Washington Post claimed in December that a hacking group called APT29, also known as "the Dukes" or "Cozy Bear" and allegedly linked to Moscow, was behind the intrusions, but provided no evidence to back the allegation. According to the newspaper, the hack took place via a Microsoft corporate partner that handles cloud-access services.
Following the reports, US President Donald Trump, who was "fully briefed" on the matter, said that the attacks were exaggerated by the "Fake News Media", alleged that China could have been responsible for the hack, and suggested that alleged election fraud was a much bigger issue for the United States.
....discussing the possibility that it may be China (it may!). There could also have been a hit on our ridiculous voting machines during the election, which is now obvious that I won big, making it an even more corrupted embarrassment for the USA. @DNI_Ratcliffe @SecPompeo — Donald J. Trump (@realDonaldTrump) December 19, 2020