Joint Statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) | CISA
CISA has just issued a statement citing that Russia is “likely” behind SolarWinds attack, with the FBI, NSA and The Office of The Director of National Intelligence (ODNI) and acknowledging the formation of a task force.
It reads, in part, “On behalf of President Trump, the National Security Council staff has stood up a task force construct known as the Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, to coordinate the investigation and remediation of this significant cyber incident involving federal government networks. The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts. This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly. The UCG believes that, of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems. We have so far identified fewer than ten U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted…”
According to Saryu Nayyar, CEO, Gurucul, “The cold war isn’t over. It just moved to the internet. And the SolarWinds attack is a perfect example of a State or State Sponsored actor turning their resources to cyberattack. Unlike typical cybercriminals, these threats at this level have almost unlimited resources and will target virtually anything that may forward their agenda. It is likely the damage from this attack will run much deeper than is revealed to the public, but it may serve as a wakeup call that organizations and vendors at all levels need to up their cybersecurity game. They need to assess their current security posture and make sure they have the best possible components in place, including security analytics. The benefit is that designing defenses to blunt State level attackers should be more than enough to thwart common cybercriminals.”