U.S. Security Agencies: Massive Computer Hack Is 'Likely Russian'
In the most detailed comments so far, the U.S. government said Tuesday that a massive hack into government and private computer networks was "likely Russian in origin" and will take a long time to repair.
"This is a serious compromise that will require a sustained and dedicated effort to remediate," said the lengthy statement issued on behalf of several national security agencies, including the FBI, the National Security Agency, the Office of the Director of National Intelligence, and the Department of Homeland Security's cybersecurity agency.
The statement was the first time the U.S. government officially attributed blame, though Secretary of State Mike Pompeo said on Dec. 19 that Russia was "pretty clearly" responsible.
The following day, President Trump tweeted that China might be behind the hack, but he offered no evidence and otherwise has said almost nothing about the episode.
Some 18,000 entities — including U.S. government agencies and private organizations — had their computer networks compromised as the hackers hid malware inside a software update provided by the Texas company SolarWinds.
The statement said "fewer than 10" U.S. government agencies have been hit, though it did not describe the extent of the damage.
The statement did not name the agencies, but several have been identified previously, including the departments of Treasury, Commerce, State, Homeland Security, as well as the U.S. Postal Service and the National Institutes of Health.
Some U.S. government agencies have said previously that the hackers entered email accounts, but it's still not clear whether they broke into classified systems.
Hallmarks of Russia
"At this time, we believe this was, and continues to be, an intelligence gathering effort," the security agencies said in the statement. This suggests the hackers wanted to gather as much information as possible about the inner workings of U.S. government agencies, but they were not trying to disrupt government operations.
Cyber experts have said that the operation has the hallmarks of Russia's foreign intelligence service, the SVR, whose hackers are known as Cozy Bear.
Russia has denied any involvement.
The episode is the latest in a long list of suspected Russian electronic incursions into other nations under President Vladimir Putin. Multiple countries have previously accused Russia of using hackers, bots and other means in attempts to influence elections in the U.S. and elsewhere.
U.S. national security agencies made major efforts to prevent Russia from interfering in the 2020 election. But those same agencies were apparently blindsided by the hackers who spent months digging around U.S. government systems before they were detected.
Breach dates back months
The hackers breached the computer systems as early as March of last year, or perhaps even earlier. The U.S. cybersecurity firm FireEye was the first to detect the hack, issuing a Dec. 8 statement saying it found that its own systems had been breached.
"Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," Kevin Mandia, the company's chief executive, said at the time.
"The attackers tailored their world-class capabilities specifically to target and attack FireEye," he added. "They used a novel combination of techniques not witnessed by us or our partners in the past."
Microsoft, which is helping investigate the hack, said last month it had identified 40 government agencies, companies and think tanks that have been infiltrated. While more than 30 victims are in the U.S., organizations were also hit in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.
The New York Times reported on Saturday that the number of organizations hit may have now reached 250.
Greg Myre is an NPR national security correspondent. Follow him @gregmyre1.
Copyright 2021 NPR. To see more, visit https://www.npr.org.