Jan. 6 (UPI) — U.S. intelligence agencies attributed a cyberattack affecting multiple federal agencies and Fortune 500 companies to Russia on Tuesday.
The FBI, Office of the Director of National Intelligence, National Security Agency, and the Cybersecurity and Infrastructure Security Agency identified Russia as the source of the early December attack on SolarWinds network security software following an investigation.
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered ongoing cyber compromises of both government and non-governmental networks,” the agencies said in a joint statement.
The agencies said they were working to understand the scope of the incident but added they believe it was and continues to be “an intelligence-gathering effort.”
In a filing with the Securities and Exchange Commission last month, SolarWinds reported that up to 18,000 of its customers had been compromised.
In their statement Tuesday, the agencies said that of those affected, “a much smaller number has been compromised by follow-on activity on their systems,” including fewer than 10 government agencies.
“This is a serious compromise that will require a sustained and dedicated effort to remediate,” the agencies said.
Tuesday’s announcement followed comments from U.S. Secretary of State Mike Pompeo who said last month that the attack was “pretty clearly” linked to Russia, despite President Donald Trump suggesting in public comments that China may have been the culprit.
President-elect Joe Biden called on the Trump administration to “make an official attribution” of who was behind the attack while criticizing Trump, saying the attack happened on his watch “when he wasn’t watching.”