US: Hack of federal agencies ‘likely Russian in origin”
Shafaq News/ US intelligence and law enforcement agencies investigating the massive hacking campaign targeting American government agencies and private sector companies issued a joint statement Tuesday saying the group responsible "likely originated in Russia" and the attack is believed to be an act of espionage rather than cyber warfare, as some lawmakers have suggested.
In short, the statement issued by the Cyber Unified Coordination Group (UCG) clearly acknowledges what US officials and experts have suspected since the data breach was first disclosed last month: the Advanced Persistent Threat (APT) actor responsible is "likely Russian in origin."
Tuesday's assessment that the group behind the attack was likely backed by Russia runs counter to what President Donald Trump has said publicly in the weeks since the data breach first came to light.
Trump has previously questioned intelligence suggesting the hackers were linked to Russia, and he has downplayed the impact of the breach, which top US officials and experts say is historic and could take years to fully understand.
Despite acknowledging the importance of naming Russia as the country responsible for the hack, an administration official noted that the impact of Tuesday's statement could be limited by the fact that Trump is leaving office in a matter of weeks.
Tuesday's statement also suggests that US officials do not believe the attack was an act of cyber-warfare, as it "was, and continues to be, an intelligence gathering effort."
Additionally, the statement also reiterated that US officials are still working to understand the full scope of the attack, particularly as it relates to vulnerabilities exposed in SolarWinds software used by a number of government agencies and private sector companies.
For now, investigators believe that a much smaller number of affected government and private sector networks were actually compromised by "follow-on activity" in which hackers were able to exploit their access, according to the statement.
Yet, it is clear US officials are still working to uncover the full extent of the breach.
As well as assessing the damage, investigators are working to uncover exactly how the attackers gained access to US networks. The focus on SolarWinds, a private contractor attackers exploited to gain access to potentially thousands of public- and private-sector organizations, is continuing.
Microsoft said in a blog post last week that hackers tied to the intrusions of government agencies and companies sneaked further into its systems than previously thought and were able to view some of the code underlying Microsoft software, but weren’t able to make any changes to it.
The FBI is involved with the case and is examining whether the infiltration involved the company's operations in Eastern Europe, according to two sources familiar with the matter. The intelligence community is also examining the company's operations in Eastern Europe.
Source: CNN + AP