The Biden administration has officially blamed and sanctioned Russia for its role in the massive SolarWinds hack that compromised computer systems in multiple government agencies as well as private companies.
In an executive order issued April 15, President Biden levied a variety of economic sanctions against several Russian financial institutions, technology companies, and individuals designated as having participated in “harmful foreign activities,” including but not limited to the hack.
First reported last December, the series of attacks, linked to software made by the Texas-based software company SolarWinds, infiltrated at least nine federal agencies, including the Commerce, Energy, and Justice Departments, as well as more than 100 private companies, the Biden administration said in February. Officials were initially hesitant to assign blame for the hack — or even acknowledge its existence — under the Trump administration, but they would eventually say the attack was “likely Russian in origin.” Trump said very little and even suggested that China, not Russia, might have been behind it. Russia has always denied any involvement.
The hacks are believed to have begun in March 2020 through network monitoring software called Orion Platform, which is made by SolarWinds. The hackers were able to insert malware into Orion Platform software updates which, once installed, gave hackers access to those systems. This is called a supply chain attack. At one point, there were fears that the attack affected thousands of SolarWinds’ government and private clients. The hack was only discovered when a cybersecurity company that makes hacking tools found that its own systems had been breached.
In contrast to his predecessor, Biden — then as a president-elect — said his administration would do everything possible to improve its own cybersecurity defenses, which the hack made clear were very much lacking, and that the breach would be a “top priority.” Biden also promised “substantial costs” for the perpetrators.
Four months later, the Biden administration is formally naming the Russian Intelligence Service (SVR) — which it says includes the groups known as Cozy Bear, APT29, and The Dukes — as being behind the hack. That group has also been blamed for previous hacks on government systems, the Democratic National Committee, and even institutions doing research on Covid-19 and vaccine development. It’s long been linked to Russian intelligence, which Russia has long denied.
The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) also released on April 15 a cybersecurity advisory about the vulnerabilities Russian hackers have exploited — and continue to exploit, as the advisory notably pointed out — in software from companies including Fortinet, Synacor, Pulse Secure, Citrix, and VMware.
Biden’s executive order doesn’t just address the hack or Russia’s other cyber malfeasances. It also says the Russian government has tried to undermine free and fair elections in the United States and its allies, targeted dissidents and journalists, and violated international law by refusing to respect other nation-states’ territorial integrity. The sanctions will also apply to individuals associated with the occupation of Crimea; reports that the Russian government paid bounties to Taliban militants to kill American soldiers will be “handled through diplomatic, military and intelligence channels”; and 10 Russians who work at the country’s diplomatic mission in Washington have been expelled.
Russia’s response to the executive order, for now, is to promise that there will be a response.
“Such aggressive behavior will certainly receive a decisive rebuff, and the response to sanctions will be inevitable,” Russian Foreign Ministry spokesperson Maria Zakharova told a Russian news agency.
Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.