US attributes SolarWinds campaign to Russia's SVR.
The US Administration on Thursday announced a set of measures designed to impose costs on Russian threat actors for election influence operations, for the SolarWinds compromise, and for other cyberespionage incidents. The steps taken include sanctions, diplomatic expulsions, and naming and shaming. The National Security Agency, the Cybersecurity and Infrastructure Security Agency (CISA), and the FBI jointly released a Cybersecurity Advisory attributing the SolarWinds campaign to Russia's Foreign Intelligence Service (SVR). The SVR is tracked by the industry as APT29 or Cozy Bear.
The White House stated:
"Today the United States is formally naming the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures. The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.
"The SVR’s compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide. The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident.
"Today, the National Security Agency, the Cybersecurity & Infrastructure Security Agency, and the Federal Bureau of Investigation are jointly issuing a cybersecurity advisory, “Russian SVR Targets U.S. and Allied Networks,” that provides specific details on software vulnerabilities that the SVR uses to gain access to victim devices and networks. The advisory also provides specific steps that network defenders can take to identify and defend against the SVR’s malicious cyber activity.
"Additionally, the SVR’s compromise of SolarWinds and other companies highlights the risks posed by Russia’s efforts to target companies worldwide through supply chain exploitation. Those efforts should serve as a warning about the risks of using information and communications technology and services (ICTS) supplied by companies that operate or store user data in Russia or rely on software development or remote technical support by personnel in Russia. The U.S. government is evaluating whether to take action under Executive Order 13873 to better protect our ICTS supply chain from further exploitation by Russia."