Investigators believe that “of the approximately 18,000 affected customers of SolarWinds’ Orion product in the public and private sectors, a much smaller number have been compromised by follow-up activity on their systems,” the four agencies said. “We have so far identified fewer than ten US government agencies that fall into this category and are working to identify and notify the non-governmental organizations that may also be affected.”
Advanced hackers “probably of Russian origin” are behind “most or all of the recently discovered ongoing cyber compromises,” the statement said, marking the first formal, albeit tentative, attribution by the US government of the sophisticated supply chain attack to Moscow.
The statement was notable both for what it said and for what it left uncertain.
“At this point, we believe this was and is information gathering,” the agencies said. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”
The FBI, CISA, and ODNI have formed a Cyber Unified Coordination Group to oversee the government’s response to the SolarWinds campaign. The NSA supports the three agencies in their work.
The UCG is part of an Obama-era process for responding to major cyberattacks. As POLITICO first reported, the Trump administration activated this process shortly after the breach was discovered. At the time, a US official told POLITICO that “this is likely to be one of the most momentous cyberattacks in US history”.
The FBI is focused, among other things, on identifying victims of the attack and gathering forensic evidence in order to “investigate further attributions,” the statement said. CISA is focused on sharing information about the campaign with government and private sector partners. And ODNI is coordinating “information-gathering activities to fill knowledge gaps,” tasking the intelligence agencies with gathering more details about the attack.
Natasha Bertrand contributed to this report.