The US and UK governments on 15 April 2021 attributed the high-profile SolarWinds intrusion campaign in December 2020 to the Russian Foreign Intelligence Service (Sluzhba vneshney razvedki: SVR). The move came as part of a package of sanctions and other measures aimed at Russia. Although media coverage portrayed these actions as driven by the SolarWinds intrusion, the emphasis in official comments was broader; the White House stated that the actions were taken “to impose costs on Russia for actions by its government and intelligence services against U.S. sovereignty and interests”.
The SolarWinds campaign involved a threat actor introducing a backdoor into an update for US company SolarWinds’ Orion network management platform. SolarWinds has estimated that 18,000 of its customers were affected, including government agencies. However, of those affected, only a small number appear to have been selected for further exploitation by the actor behind the compromise.
The actions announced on 15 April were wide-ranging. The US expelled 10 personnel from the Russian diplomatic mission in Washington, and the Department of the Treasury announced sanctions targeting Russian sovereign debt, as well as companies and media organisations allegedly connected to the Russian intelligence services. The National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint advisory that described vulnerabilities exploited by the SVR, so that “network defenders can take action to mitigate against them”.
The SolarWinds Corp logo at its headquarters in Austin, Texas, on 15 April 2021. On the same day, the US and UK governments attributed the intrusion campaign against the company to the Russian Foreign Intelligence Service (Sluzhba vneshney razvedki: SVR). (Suzanne Cordeiro/AFP via Getty Images)
International response