White House Attributes SolarWinds Hack To Russian Agency

White House Attributes SolarWinds Hack To Russian Agency

President Joe Biden. Photo: White House


The Biden administration on Thursday publicly attributed a cyber espionage campaign to the Russian Foreign Intelligence Service (SVR) that was first disclosed last December by a U.S. cybersecurity firm and the administration also announced sanctions against six companies in Russia’s technology sector.

The attribution to the SVR, which is also known as APT 29, Cozy Bear, and The Dukes, is the first time the U.S. government has been specific about identifying the Russian government, and specifically the SVR, as the perpetrators of what is commonly called the SolarWinds attack. In early January, the U.S. intelligence community said the hack was “likely Russian in origin” and earlier this week it released its annual threat assessment called it “A Russian software supply chain operation.”

The administration said the intelligence community “has high confidence” in attributing the attack to the SVR.

In addition to outing the SVR, the administration identified six Russian companies—some private and some state-owned, that the U.S. Treasury Department said provide expertise, tools and infrastructure to the SVR and other Russian intelligence services and help with “facilitating malicious cyber activities.”

The White House, in a fact sheet announcing a broader set of sanctions against the Russian government and entities for the SolarWinds hack and much more, warned about doing business with information technology companies and personnel in Russian or that work with Russia.

The SVR’s “efforts should serve as a warning about the risks of using information and communications technology and services (ICTS) supplied by companies that operate or store user data in Russia or rely on software development or remote technical support by personnel in Russia,” the fact sheet ..