Jan 5, 2021 - Technology

National Security Council names Russia as "likely" origin of U.S. agency breach

Illustration: Sarah Grillo/Axios

A U.S. task force responsible for investigating the massive cyberattack that breached the departments of Defense, State and Homeland Security — among others — identified the hack as "likely Russian in origin," per a joint statement on Tuesday.

Why it matters: This is the first time the federal government has formally named Russia as the likely origin of the attack.

Catch up quick: The attackers targeted SolarWinds, whose globally used network-management software serves major companies and governments.

  • The FBI, Cybersecurity and Infrastructure Security Agency (CISA), Office of the Director of National Intelligence (ODNI) and other agencies gathered under the National Security Council have so far "identified fewer than ten U.S. government agencies" that were affected by the breach.
  • Roughly 18,000 people and private sector companies are known to have been impacted overall, the agencies noted.

Of note: President Trump responded to the cyberattack in mid-December, claiming the "Fake News Media" exaggerated the extent of the hack and that China may be responsible, contradicting other government officials who attributed the breach to Russia.

What they're saying: "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," the agencies said.

  • "At this time, we believe this was, and continues to be, an intelligence gathering effort."