In a joint statement on January 5, 2021, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)—which make up the Cyber Unified Coordination Group (UCG) task force—said that the compromise of IT service provider SolarWinds in 2020 was part of an ongoing information-gathering effort and was likely Russian in origin.[1] The massive breach started in March 2020 when hackers compromised IT management software from SolarWinds. The breach compromised an email system used by senior leadership at the Treasury Department and systems at several other federal agencies. According to the joint statement, of SolarWinds’ 18,000 customers, the U.S. government (USG) believes that “a much smaller number” were targeted following the initial hack. Additionally, USG said that fewer than ten agencies were targeted by the hack and that the task force is now working to identify and notify nongovernment entities that may have also been affected.
The joint statement also outlined USG’s actions and the next steps of the investigation. The FBI will remain focused on identifying victims, collecting evidence, analyzing the evidence to determine the group responsible, and sharing results with stakeholders. CISA will focus on sharing information quickly and has created a free tool for detecting unusual and potentially malicious activity related to the SolarWinds hack. ODNI is coordinating the intelligence community to ensure the UCG has the most up-to-date intelligence and is also providing information to key stakeholders. Finally, the NSA is supporting the UCG by providing intelligence, cybersecurity expertise, and actionable guidance to the UCG partners.
[1] https://www.cisa.gov/news/2021/01/05/joint-statement-federal-bureau-investigation-fbi-cybersecurity-and-infrastructure