While top US officials, including Secretary of State Mike Pompeo, have previously suggested that the hacking campaign was carried out by a Russian-backed group, Tuesday’s joint statement offers the most definitive and concrete assessment about the attack’s origins from agencies investigating the incident.
In short, the statement issued by the Cyber Unified Coordination Group (UCG) clearly acknowledges what US officials and experts have suspected since the data breach was first disclosed last month: the Advanced Persistent Threat (APT) actor responsible is “likely Russian in origin.”
That assessment runs counter to what President Donald Trump has said publicly in the weeks since the data breach first came to light.
Trump has previously questioned intelligence suggesting the hackers were linked to Russia, and he has downplayed the impact of the breach, which top US officials and experts say is historic and could take years to fully understand.
The attack, has affected “less than 10” US government agencies and a number of private sector companies, is believed to be “an intelligence gathering effort,” but investigators are still working to understand its full scope, Tuesday’s joint statement adds.
Even as US officials continue to grapple with the fallout, the statement clearly states that investigators currently believe the attack does not amount to an “act of war” as some lawmakers have suggested.
The Cyber Unified Coordination Group, which consists of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA), began meeting twice daily since the government was informed about the hack, as it worked to assess the extent of the damage and the possible culprits responsible for the attack.
It comes as US officials are still working to uncover the full extent of the breach. A senior administration official told CNN on Monday that well over 250 networks in government and companies had been affected by the hack but that US officials are still trying to assess the damage. The official says, “We think it could be a lot more.”
On top of assessing the damage, investigators are working to uncover exactly how the attackers gained access to US networks. The focus on SolarWinds, a private contractor attackers exploited to gain access to potentially thousands of public- and private-sector organizations, is continuing.
The FBI is involved with the case and is examining whether the infiltration involved the company’s operations in Eastern Europe, according to two sources familiar with the matter. The intelligence community is also examining the company’s operations in Eastern Europe.
SolarWinds outsourced a great deal of its technical expertise to employees and software engineers in countries including Belarus, Poland and the Czech Republic. One former National Security Agency official told CNN on Monday that foreign employees working for American IT firms in those countries are considered prime targets for recruitment by Russian intelligence services.
This story is breaking and will be updated.
Source : Nbcnewyork
