Federal cyber officials on Thursday blamed the Russian Foreign Intelligence Service (SVR) for the SolarWinds hack of computer network management software and the targeting of COVID-19 research.
Previously, the government had said Russia was likely responsible for the hack that compromised nine federal agencies, but Thursday’s joint statement from the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency provided more formal attribution of the hack that was publicly disclosed last year. The federal agencies pointed to SVR actors, also known as APT29 and Cozy Bear, as responsible for the hack.
“Recent Russian SVR activities include compromising SolarWinds® Orion® software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware® vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse,” said the agencies in the cybersecurity advisory. “SVR cyber actors also used authentication abuse tactics following SolarWinds-based breaches.”
The federal agencies said Russian-sponsored cyber actors constantly scan, target and exploit U.S. networks and urged “all cybersecurity stakeholders” to check their networks for indications of compromise by the Russian hackers.
To better protect against Russian hackers, the cybersecurity advisory said stakeholders should assume breaches will happen, continuously hunt for bad actors, and only communicate about breaches on out-of-band channels.
The cyber officials’ statement coincided with the Biden administration’s decision to put sanctions on Russia for its cyberattacks and its efforts to influence the presidential election.
The Treasury Department said it took action against 16 entities and 16 individuals over the Russian government’s attempts to influence elections.