The Biden administration this week issued a statement blaming the Russian government for the SolarWinds supply chain attack and imposing costs on the rival nation for its actions.
A lengthy press release from the White House issued April 15 points the finger at Russian intelligence for several actions against U.S. sovereignty and U.S. partners. Chief among them: the large-scale supply chain attack leveraging the SolarWinds Orion platform, which affected tens of thousands of entities across the United States and other parts of the world.
“Today the United States is formally naming the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures,” the White House states. “The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.”
“The SVR’s compromise of the SolarWinds software supply chain gave it the ability to spy on or potentially disrupt more than 16,000 computer systems worldwide,” the statement continues. “The scope of this compromise is a national security and public safety concern. Moreover, it places an undue burden on the mostly private sector victims who must bear the unusually high cost of mitigating this incident.”
The National Security Agency (NSA), the Cybersecurity & Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have also issued a joint cybersecurity advisory that provides details on software vulnerabilities the SVR allegedly uses to gain access to victim devices and networks. The advisory tells IT administrators what steps to take to identify and defend against the alleged malicious cyber activity.
In light of these developments (and other accusations listed in the press release), the Biden administration advises organizations – albeit indirectly – to consider opting out of information and communications technology and services (ICTS) supplied by Russia:
“Additionally, the SVR’s compromise of SolarWinds and other companies highlights the risks posed by Russia’s efforts to target companies worldwide through supply chain exploitation,” it states. “Those efforts should serve as a warning about the risks of using information and communications technology and services (ICTS) supplied by companies that operate or store user data in Russia or rely on software development or remote technical support by personnel in Russia. The U.S. government is evaluating whether to take action under Executive Order 13873 to better protect our ICTS supply chain from further exploitation by Russia.”
The White House also announced plans to promote a framework of responsible state behavior in cyberspace and cooperation with allies and partners to counter malign cyber activities. The Department of Defense is also taking steps to incorporate additional allies, including the UK, France, Denmark and Estonia, into the planning for CYBER FLAG 21-1 – an exercise designed to improve defensive capabilities and resiliency in cyberspace.