U.S. Government Says Russia 'Likely' Behind Massive 'Intelligence Gathering'
January 6, 2021
The U.S. government said January 5 that Russia was “likely” behind a massive
hack of government and private company networks discovered last month and the
intrusion was an “intelligence gathering effort.”
In a joint statement issued by the Director of National Intelligence, FBI, and
other investigative agencies, the U.S. government said that it was still trying
to understand the scope and mitigate a “significant cyber incident” involving
federal government networks.
The investigation has so far indicated that a hacker “likely Russian in origin”
is behind what federal authorities described as an “ongoing” cyber compromise of
both government and nongovernmental networks.
“At this time, we believe this was, and continues to be, an intelligence
gathering effort,” the statement said.
Top U.S. officials including Secretary of State Mike Pompeo have previously
suggested Russian intelligence agency hackers are behind the sophisticated
operation, which Moscow has denied.
President Donald Trump has downplayed the seriousness and impact of the
cyberattack, while casting doubt on whether Russia is responsible. Instead, he
contradicted his own officials and experts by suggesting China may have been
behind the breach.
But the January 5 official statement was the first by the Trump administration
to formally finger Russia.
It also provided a partial answer to the open question of what the hackers
intend to do with the information by clarifying that their goal appears to be
intelligence gathering rather than a destructive act such as targeting
The massive breach began as early as March when hackers slipped malicious code
into updates in SolarWinds software used by the government and thousands of
businesses and entities. The intrusion was first discovered in December when
cybersecurity firm FireEye found the breach when the security firm itself was
In the statement, the U.S. government said approximately 18,000 public and
private sector customers of SolarWinds’ Orion product had been affected.
However, investigators have determined a “much smaller number” have been
impacted by follow-on activities.
“We have so far identified fewer than ten U.S. government agencies that fall
into this category, and are working to identify and notify the nongovernment
entities who also may be impacted,” the statement said.
“This is a serious compromise that will require a sustained and dedicated effort
to remediate,” it added.
There was no mention of which specific U.S. government agencies remain
potentially compromised, but those known to have been targeted include
Treasury, Commerce, State, Homeland Security, and Defense.