Security News > 2021 > January > US govt says Russian state hackers likely behind SolarWinds hack

The Cyber Unified Coordination Group said today that a Russian-backed Advanced Persistent Threat group is likely behind the SolarWinds hack.
The UCG was established by the National Security Council after the SolarWinds supply chain attack to help the intelligence agencies better coordinate the government's response efforts surrounding this ongoing espionage campaign.
"[A]n Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," the UCG said.
Russia denied links with the SolarWinds hackers, saying that it "does not conduct offensive operations in the cyber domain."
After the suspected Russian state-sponsored hackers breached SolarWinds, CISA also issued an Emergency Directive asking federal civilian agencies to disconnect or power down affected SolarWinds products to block future attacks.
The list of US agencies breached in this attack includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, the Department of Energy, the National Nuclear Security Administration, and the US Department of Homeland Security.