It was Russia wot did it: SolarWinds hack was done by Kremlin's APT29 crew, say UK and US

Russia’s infamous APT 29, aka Cozy Bear, was behind the SolarWinds Orion attack, the US and UK governments said today as America slapped sanctions on Russian infosec companies as well as expelling diplomats from that country’s US embassy.


One of the sanctioned companies is Positive Technologies, familiar in the West for, among other things, in-depth research exposing vulnerabilities in Intel’s hardware security architecture.

Formal attribution of the SolarWinds hacks, echoing tentative findings made by Kaspersky Lab, came in a US Treasury Department statement issued this afternoon.


The attack saw Russian state intelligence operatives carefully compromise the build systems of SolarWinds’ network monitoring software Orion to distribute a backdoor to its 18,000 customers. Those customers included the UK and US governments, among many others.



“The Russian Intelligence Services’ third arm, the SVR, is responsible for the 2020 exploit of the SolarWinds Orion platform and other information technology infrastructures. This intrusion compromised thousands of US government and private sector networks,” said the US Treasury.


The American attribution was echoed by the British government with Foreign Secretary Dominic Raab saying in a statement: “We see what Russia is doing to undermine our democracies. The UK and US are calling out Russia’s malicious behaviour, to enable our international partners and businesses at home to better defend and prepare themselves against ..