This article was originally published by Radio Free Europe/Radio Liberty and is reprinted with permission.
U.S. national-security adviser Jake Sullivan has warned that the United States will respond within “weeks, not months” to a suspected Russian cyberattack, discovered in December, that targeted branches of the U.S. government and other key institutions.
Sullivan was talking about the breach — which began with malicious code slipped into updates of the SolarWinds software used by the government and thousands of businesses — on CBS’s Face The Nation program on February 21.
He said the response was likely to include “a mix of tools seen and unseen” and “it will not simply be sanctions.”
“We’re in the process of working through that, and we will ensure that Russia understands where the United States draws the line on this kind of activity,” Sullivan said.
Experts have called the so-called SolarWinds breach one of the biggest and most sophisticated cyberattacks in history and suggested it could only have been pulled off by a state actor.
It targeted the U.S. Department of Homeland Security, which is responsible for border security and protecting the country from online attacks, as well as the U.S. Treasury and Commerce departments, in addition to thousands of other entities.
It was traced back to infiltrated network management software dating back to at least June.
Intelligence and industry sources have blamed it on Russian hackers.
Moscow has denied any involvement, saying in a statement on December 14 that Russia “does not conduct offensive operations in the cyberdomain.”
“First of all, we have asked the intelligence community to do further work to sharpen the attribution that the last administration made about precisely how this hack occurred, what the extent of the damage is, what the scope and scale of the intrusion is, and we are in the process of working through that now,” Sullivan told CBS. “And then what I have said is that it will be weeks, not months, before we have a response prepared.”
Suspected Russian government hackers behind the massive intrusion of government and private company networks discovered in December were able to gain access to Microsoft’s source code, a key building block for software or operating systems, the tech giant said on December 31.
Microsoft President Brad Smith in mid-February said the attack was “probably the largest and most sophisticated attack the world has ever seen.”
A rise in U.S.-Russian tensions greeted the new U.S. presidency of Joe Biden but did not prevent his administration and Moscow from successfully negotiating a five-year extension of the New START arms-control treaty, their last remaining arms-control pact.
U.S. Secretary of State Antony Blinken said earlier this month that he had warned Russian Foreign Minister Sergei Lavrov in a phone call that the new U.S. administration will respond “firmly in defense of U.S. interests in response to actions by Russia that harm us or our allies.”
Blinken cited Russia’s ongoing detention of two former U.S. Marines, Paul Whelan and Trevor Reed, but the so-called SolarWinds cyberattack has also cast a long shadow over U.S.-Russian relations amid signals that a state actor like Russia was behind it.
But a State Department statement said Blinken also raised “Russian interference” in last year’s presidential election that brought Biden to the White House, Moscow’s “military aggression” in Ukraine and Georgia, the poisoning of jailed Kremlin critic Aleksei Navalny, and the SolarWinds hack of U.S. government systems.
FireEye, a prominent cybersecurity company that was breached in connection with the SolarWinds incident, said targets included government, technology, and telecommunications companies in North America, Europe, Asia, and the Middle East.
France’s cybersecurity watchdog said this month that it had discovered a hack of French organizations that bore similarities to other attacks by a group linked to Russian intelligence.
In a report released on February 15, the French National Agency for the Security of Information Systems (ANSSI) said the hackers had taken advantage of a vulnerability in monitoring software sold by the Paris-based company Centreon.
The ANSSI said it discovered intrusions dating back to late 2017 and stretching into 2020.
It stopped short of identifying the hackers but said their modus operandi was similar to that of the Russian cyberespionage group often nicknamed Sandworm and thought to have links with Russian military intelligence.