US security agencies have formally identified a Russian advanced persistent threat group as the “likely” culprit behind the SolarWinds hack that compromised approximately 18,000 organisations.

A joint statement by the FBI, National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the Director of National Intelligence (ODNI) described the cyberattack as an “intelligence-gathering effort”.

The SolarWinds hack, which has been dubbed Sunburst, first came to light in December when US cybersecurity firm FireEye revealed it had been breached by a “highly sophisticated” attack launched by a nation state with “top-tier offensive capabilities”.

The four security agencies have formed a task force known as the Cyber Unified Coordination Group (UCG) to investigate the SolarWinds hack, which has affected thousands of public and private sector customers using SolarWinds’ popular Orion product.

As early as March, the suspected Russian nation-state hackers injected malicious code into software updates for Orion, which is used by organisations to monitor their computer networks for outages and problems.

Companies that installed the tainted Orion update unwittingly gave the hackers remote access to their networks, allowing them to steal information and possibly lay the groundwork for future attacks.

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

The UCG said in its statement that “fewer than ten US government agencies” were compromised by the SolarWinds hack.

In December Reuters reported that the US Treasury and Commerce departments were affected by the attack. The US energy department, which is responsible for managing nuclear weapons, was also compromised. However, the department said the security of its nuclear arsenal remained uncompromised.

The SolarWinds hack has been described as one of the worst ever cyber espionage attacks on the US government.

Russia has denied any involvement in the attack.

Last month the Washington Post linked the SolarWinds hack to APT29, a hacking group associated with the Russian Foreign Intelligence Service.

The UCG has not linked the attack to APT29 and said it continues to gather evidence and investigate.


Read more: Microsoft confirms it found “malicious” SolarWinds code on its systems