The US Cyber Unified Coordination Group (UCG), composed of the FBI, CISA, and ODNI with support from NSA, says that the cyber-attack on US government agencies was Russian in origin. "The UCG is still working to understand the scope of the incident but has the following updates on its investigative and mitigation efforts," the agencies said in a joint statement.
"This work indicates that an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly," it says.
"The UCG believes that, of the approximately 18,000 affected public and private sector customers of SolarWinds' Orion products, a much smaller number has been compromised by follow-on activity on their systems. We have so far identified fewer than 10 US government agencies that fall into this category, and are working to identify the nongovernment entities who also may be impacted."
"This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the U.S. government, as well as our private sector partners have been working non-stop. These efforts have not let up through the holidays. The UCG will continue taking every necessary action to investigate, remediate, and share information with our partners and the American people."
A response from President-elect Joe Biden called for modernising US cyber defenses to "better deter aggression in the future, rather than continuing to over-invest in legacy systems designed to address the threats of the past."