White House task force says Russia likely to blame for SolarWinds hack


The White House task force investigating the widespread hack of U.S. networks said today that Russia is the likely culprit.

Analysts and some administration officials have suggested a Russian intelligence service is behind the hack of SolarWinds' Orion product, but the statement from the Cyber Unified Coordination Group, which includes the FBI, the Cybersecurity and Infrastructure Security Agency, the National Security Agency and the Office of the Director of National Intelligence, is the first time the federal government has explicitly attributed the attack to Russia.

"This work indicates that an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," the statement reads.

The group also said that it has identified fewer than 10 government agencies that were explicitly targeted by hackers with follow-on activity using the access provided by the SolarWinds breach.

The group's statement references an initial estimate by SolarWinds that said 18,000 "public and private sector customers" downloaded the malicious code implanted within the company’s update server for its Orion IT management software.

But officials believe "a much smaller number have been compromised by follow-on activity on their systems" – and these include fewer than 10 government agencies. The group is also "working to identify and notify the nongovernment entities who also may be impacted."

Microsoft and cybersecurity firm FireEye last month estimated several dozen organizations were victimized by hackers beyond merely downloading the backdoor vulnerability discovered in SolarWinds Orion. The New York Times reported over the weekend that intelligence officials now believe that 250 organizations may have been "affected."

In the wake of the ongoing breach, some lawmakers have suggested the hack was an act of war. Other lawmakers and analysts have pointed out that merely breaching the government's systems is espionage and does not constitute an act of war.

The government assessment is that the hack falls under the category of espionage.

"At this time, we believe this was, and continues to be, an intelligence gathering effort," the statement reads.

The statement also details the roles and responsibilities of the task force agencies, and notes that NSA is working with defense industrial base system owners to assess "the scale and scope of the incident" and provide mitigation assistance. No defense contractors have yet been identified as targets of the SolarWinds breach. Officials at the Departments of Defense, Treasury, Commerce and Homeland Security have confirmed that they were affected by the breach. Press reports have named other agencies including the State Department and the National Institutes of Health as targets.

President Donald Trump has previously suggested China was behind the hack. That claim was not mentioned in the task force statement.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.

