The US government accused Russia of attacking SolarWinds and imposed sanctions on a number of companies
The US government has officially accused Russia of attacking SolarWinds and its clients and has imposed sanctions on a number of Russian companies. Joe Biden’s administration claims that the Russian Foreign Intelligence Service and its “government hackers” known as APT 29, Cozy Bear or The Dukes were behind the attack.
According to the authorities, they “used the SolarWinds Orion platform and other IT infrastructures as part of a large-scale cyber-espionage campaign.”
“Compromise of the SolarWinds’ supply chain by Russian Foreign Intelligence Service has enabled them to spy on and potentially disrupt more than 16,000 computer systems around the world,” the White House said in a statement.
The British government supported the White House statement and also linked the attack on SolarWinds to the Foreign Intelligence Service. The European Commission has prepared its own statement, in which it also accuses Russia but does not claim that the Foreign Intelligence Service was behind this incident.
The SolarWinds hack has become one of the largest supply chain attacks in history.
In December 2020, it became known that unknown attackers had compromised SolarWinds and infected its Orion platform with malware.
According to official figures, of the 300,000 SolarWinds customers, only 33,000 were using Orion, and the infected version of the platform was installed by approximately 18,000 customers. As a result, the victims included such giants as Microsoft, Cisco and FireEye, as well as many US government agencies, including the Department of State, the Department of Justice and the National Nuclear Security Administration.
On the same day, the US Treasury Department imposed sanctions on six Russian IT companies which, according to the US government, helped the Foreign Intelligence Service (FIS) with their technical knowledge and services during past operations.
The sanctions affected Technopolis Era, JSC Pasit, the Federal State Autonomous Scientific Institution Research Institute of Specialized Computing Devices and Safety Automation, Neobit LLC, Advanced System Technologies JSC, and Positive Technologies JSC. In addition to them, the information agencies Southfront, Newsfront, Inforos and the Russian Strategic Culture Foundation were also sanctioned.
In particular, the US Treasury says that Positive Technologies has clients in the Russian government, including the Federal Security Service (FSB), and regularly holds large-scale conventions with the Foreign Intelligence Service and G.U., which the agencies use to recruit new employees.
“Positive Technologies is a Russian IT security firm that supports Russian Government clients, including the FSB. Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts large-scale conventions that are used as recruiting events for the FSB and GU,” the U.S. Department of the Treasury said in a press release.
Let me remind you that the victims of the SolarWinds attack in the information security sector include Mimecast, Palo Alto Networks, Qualys and Fidelis Cybersecurity.