Russia is likely responsible for the recent significant hack of U.S. government and private networks, according to a joint statement released from top national security agencies on Tuesday.
In a joint statement by the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ONDI) and the National Security Agency (NSA) – a new task force known at the Cyber Unified Coordination Group (UCG) — the agencies said they believed the hack was “an intelligence gathering effort” and “likely Russian in origin” but they are still working to understand the full scope of the attack.
“This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States Government, as well as our private sector partners have been working non-stop. These efforts did not let up through the holidays. The UCG will continue taking every necessary action to investigate, remediate, and share information with our partners and the American people,” the statement said.
The cyber intrusion was one of the largest in U.S. history, allowing hackers to monitor government agencies, defense contractors, and telecommunications companies for months before the compromise was exposed. The Associated Press reported that the experts believe the likely foreign agents had plenty of time to gather information that could be problematic for U.S. national security, but the range of the hack and what data was collected is still unknown.
“The UCG believes that, of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems,” the group’s statement said. “We have so far identified fewer than ten U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted.”
The Treasury and Commerce departments were confirmed targets of the cyber attack, according to The Associated Press, including dozens of email accounts linked to high-ranking government officials.
Last month, President Trump tweeted that the “Cyber Hack is far greater in the Fake News Media than in actuality,” adding that China could be the source of the compromise.
“I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of the possibility that it may be China (it may!),” Trump tweeted.
The national security task force said it will continue to investigate the hack.
“The UCG remains focused on ensuring that victims are identified and able to remediate their systems, and that evidence is preserved and collected,” the statement said. “Additional information, including indicators of compromise, will be made public as they become available.”