Russian SVR Behind the SolarWinds Hack, According to U.S. Government

The White House Declared that the Cozy Bear Group of Advanced Hackers Was the Author of the Cyber-Espionage Activity exploiting the SolarWinds Orion Platform.

LAST UPDATED ON APRIL 16, 2021
QUICK READ
3 min
Let's get started!
DORA
TUDOR
CYBER SECURITY ENTHUSIAST

United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that provided hackers with access into as many as 18,000 government entities and Fortune 500 companies as to at least nine federal agencies and more than 100 companies were exposed to the breach.

The White House declared that the Cozy Bear group of advanced hackers was the author of the cyber espionage activity exploiting the SolarWinds Orion platform.

The press release is supporting what media reports previously said, that the Russian Foreign Intelligence Service, was behind the SolarWinds hack, with the White House officially putting the blame on the SVR for carrying out “the broad-scope cyber-espionage campaign” through its hacking division commonly referred to as APT29, The Dukes, or Cozy Bear.

Today the United States is formally naming the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures. The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.

Source

The SVR had access to more than 16,000 computers across the world, but they targeted only a select few, like companies involved in the cybersecurity sector (FireEye, Malwarebytes, Mimecast) and state and federal agencies in the U.S.

The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident.

Source

The U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) are warning about the top five vulnerabilities the SVR is exploiting in attacks against the U.S. interests, in a try to make sure that organizations are taking take the necessary steps to identify and defend against malicious activity conducted by the SVR.

President Biden has issued today an executive order related to blocking property in regards to harmful activities from the government of the Russian Federation, and following this, the Treasury Department has issued several sanctions against a few Russian technology companies for the role they’ve played in the SolarWinds incident.

Heimdal Official Logo
Your perimeter network is vulnerable to sophisticated attacks.

Heimdal® Threat Prevention - Network

Is the next-generation network protection and response solution that will keep your systems safe.
  • No need to deploy it on your endpoints;
  • Protects any entry point into the organization, including BYODs;
  • Stops even hidden threats using AI and your network traffic log;
  • Complete DNS, HTTP and HTTPs protection, HIPS and HIDS;
Try it for FREE today 30-day Free Trial. Offer valid only for companies.

The US companies and financial institutions will no longer be able to do business with the sanctioned companies unless they are first applying for and receiving a special license from the Office of Foreign Assets Control.

  • ERA Technopolis – A research center and technology park that is funded and operated by the Russian Ministry of Defense, housing and supporting units of Russia’s Main Intelligence Directorate responsible for offensive cyber and information operations.
  • Pasit – A Russia-based IT company that is known for the fact that it conducted research and development in support of Russia’s Foreign Intelligence Service’s malicious cyber operations.
  • SVA – A Russian state-owned research institute that is specialized in advanced systems for information security located in Russia.
  • Neobit – A Russia-based IT security firm having clients that include the Russian Ministry of Defense, SVR, and Russia’s Federal Security Service (FSB).
  • AST – A Russian IT security firm with clients that include the Russian Ministry of Defense, SVR, and FSB, meant to provide technical support to cyber operations conducted by the FSB, GRU, and SVR.
  • Positive Technologies – A Russian IT security firm supporting Russian Government clients, including the FSB, provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts large-scale conventions that are used as recruiting events for the FSB and GRU.

US companies and financial institutions are no longer able to do business with the above-sanctioned companies without first applying for and receiving a license from the Office of Foreign Assets Control (OFAC).

RELATED

Mimecast Discloses Source Code Theft in SolarWinds Breach

The SolarWinds Incident May Be the Start of New Data Breach Notification Law in the US

Leave a Reply

Your email address will not be published. Required fields are marked *

GO TO TOP