FireEye not ready to ascribe SolarWinds hack to Russia


The cybersecurity firm FireEye said Tuesday that it has not seen enough evidence to positively tie the hackers behind the ongoing SolarWinds Orion hack to Russian entities.

"We are not attributing to a sponsor at this time," said Benjamin Reed, the company's director of threat intelligence. "We don't have sufficient evidence to support naming a specific sponsor."

Reed acknowledged that the federal government recently said the hackers, whom FireEye is calling UNC2452, are "likely Russian in origin."

That notion is "plausible from what we've seen," Reed said during a webinar this week. He added that Russian groups have been observed using the sophisticated methods being discovered by public and private investigators probing how UNC2452 managed to both breach and remain undetected on countless networks for months.

FireEye is credited as the first to detect an intrusion in SolarWinds Orion, an IT management software product. Although FireEye is not attributing the attack to Russia yet, Reed said the company has also not seen any evidence pointing to another country.

Gregory Touhill, the federal government's first chief information security officer and a retired Air Force brigadier general, said FireEye's reluctance to attribute the attack to Russia is likely a matter of due diligence.

"When it comes to attribution, what the intelligence and law enforcement community has to do is … literally trace it all the way back to the root," he said. FireEye has to gather evidence that "will hold up in court. That's the realm that [FireEye] and others are dealing with. Those who don't have to prove it in court can say whatever they want."

SolarWinds' new chief executive officer Sudhakar Ramakrishna, who succeeded Kevin Thompson at the start of the new year, said in his own blog post this week that the earliest indications that hackers breached the company's networks date back to September 2019.

"To date, our investigations have not independently verified the identity of the perpetrators," he wrote.

About the Author

Justin Katz is a former staff writer at FCW.

