In December 2020, the White House acknowledged that a Russian state-sponsored group known as Cozy Bear or APT 29 had carried out a targeted cyberattack on several U.S. government agencies. The hack successfully compromised the networks of several public and private organizations around the globe, but there was no formal proof affirming Russia’s involvement. The Biden administration, along with the U.K. government, has now sanctioned and specifically blamed Russia for the SolarWinds hack and said it was an attempt to “destabilize our societies.”
Biden Ups the Ante in the Cyber Space
A hack of this scale required a thorough investigation and an ample amount of time. But the new POTUS, Joe Biden, took up the issue of cybersecurity on his first day in office. He announced three new appointments for the national cybersecurity agencies and a budget of $10 billion to strengthen cyber defenses, and asked for a detailed report on what was called the biggest hack of the decade: the SolarWinds cyberattack.
Biden closely followed up on this and, in late February 2021, was readying sanctions and other measures against Russia for its “serious” cyber espionage campaigns against multiple government and corporate networks.
Both U.S. and U.K. Find Traces of SVR’s Involvement
According to the U.S. and U.K. governments, the SolarWinds attack was conducted by the Russian Foreign Intelligence Service – SVR (also known as APT29, Cozy Bear, or the Dukes).
The SVR is Russia’s civilian foreign intelligence service and is reportedly a successor to the KGB’s First Chief Directorate. The SVR is known to target overseas governmental, diplomatic, think-tank, health care, and energy sectors for intelligence purposes. It invests heavily in developing advanced capabilities that help it get around its enemies’ well-guarded systems. This could be why it stole the “red team tools” used by the cybersecurity firm FireEye to know more about the techniques associated with other known threat actors, which would further strengthen its position.
A press release from the U.K. government said:
“The U.K. can today reveal for the first time that Russia’s Foreign Intelligence Service (SVR) was behind a series of cyber intrusions, including the SolarWinds compromise. The U.K. and U.S. are today calling out Russia for carrying out the SolarWinds compromise, which is part of a wider pattern of activities by the Russian Intelligence Services against the U.K. and its allies.”
The National Cyber Security Centre (NCSC) has extensively assessed the SolarWinds compromise and concluded that “the overall impact on the U.K. of the SVR’s exploitation of this software is low.” The NCSC found 14 public sector organizations using the SolarWinds Orion tool, but only six have been identified as targeted through this vulnerability.
Biden’s Sanctions Against Russia
Concurring with the U.K., the Biden administration announced that the U.S. was imposing sanctions against Russia-linked technology firms and, additionally, expelling 10 Russian diplomats who are allegedly linked to Russia’s intelligence arm (SVR), which attempted to interfere in the presidential elections and conducted cyberattacks against federal agencies.
The U.S. Department of Treasury said:
“Today, we took multiple sanctions actions under a new Executive Order (E.O.) targeting aggressive and harmful activities by the Government of the Russian Federation. Treasury’s actions include the implementation of new prohibitions on certain dealings in Russian sovereign debt, as well as targeted sanctions on technology companies that support the Russian Intelligence Services’ efforts to carry out malicious cyber activities against the U.S.”
According to the notifications, the six technology companies sanctioned by the U.S. government for providing support to the Russian Intelligence Services’ cyber operations are:
- ERA Technopolis
- Pasit, AO (Pasit)
- Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA)
- Neobit, OOO (Neobit)
- Advanced System Technology, AO (AST)
- Pozitiv Teknolodzhiz, AO (Positive Technologies)
On the other hand, the U.K.’s Foreign, Commonwealth, and Development Office (FCDO) has decided to tighten the grip on Russia by summoning the Russian ambassador to the U.K. to probe the SolarWinds cyberattack and the subsequent malicious activities. FCDO Permanent Under-Secretary Sir Philip Barton made clear that the U.K. supports the actions announced by President Biden in response to Russia’s recent activity. He added that the “Government is deeply concerned about a pattern of malign behavior by the Russian State,” and that “Russia needs to cease its provocations and de-escalate the brewing tensions” at the earliest.