Security News > 2021 > January > FBI, CISA, NSA Officially Blame Russia for SolarWinds Cyber Attack

The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month.
The FBI, CISA, ODNI, and NSA are members of the Cyber Unified Coordination Group, a newly-formed task force put in place by the White House National Security Council to investigate and lead the response efforts to remediate the SolarWinds breach.
An estimated 18,000 SolarWinds customers are said to have downloaded the backdoored software update, but the UCG said only a smaller number had been subjected to "Follow-on" intrusive activity on their internal networks.
The hacking campaign was notable for its scale and stealth, with the attackers leveraging the trust associated with SolarWinds Orion software to spy on government agencies and other companies for at least nine months, including viewing source code and stealing security tools, by the time it was discovered.
SolarWinds is facing further fallout after a shareholder of the IT infrastructure management software company filed a class-action lawsuit in the U.S. District Court for the Western District of Texas on Monday against its president, Kevin Thompson, and chief financial officer, J. Barton Kalsu, claiming the executives violated federal securities laws under the Securities Exchange Act of 1934.
The complaint states that SolarWinds failed to disclose that "Since mid-2020, SolarWinds Orion monitoring products had a vulnerability that allowed hackers to compromise the server upon which the products ran," and that "SolarWinds' update server had an easily accessible password of 'solarwinds123'," as a result of which the company "Would suffer significant reputational harm."
News URL
Related news
- CISA and FBI: Ghost ransomware breached orgs in 70 countries (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- CISA flags Craft CMS code injection flaw as exploited in attacks (source)
- CISA tags critical Ivanti EPM flaws as actively exploited in attacks (source)
- Medusa Ransomware Strikes 300+ Targets: FBI & CISA Urge Immediate Action to #StopRansomware (source)
- CISA tags NAKIVO backup flaw as actively exploited in attacks (source)