The US has sanctioned Russia over last year’s SolarWinds cyber attack that saw hackers quietly monitoring the systems of large corporations and US government departments.
US President Joe Biden signed an Executive Order on Thursday freezing the assets of six Russian IT companies, expelling 10 Russian officials from the country, and forbidding US financial institutions from buying or selling Russian government bonds.
Speaking at a press briefing, a senior Biden administration official said the US was “formally naming the Russian Foreign Intelligence Service (SVR)” as the perpetrator of the SolarWinds campaign that affected some 18,000 customers of the eponymous Texas-based software company.
“The SVR unit, APT29, Cozy Bear, the Dukes – known by all of those names – we are attributing as the actor that conducted this intrusion,” the official said.
“The US intelligence community has high confidence in its assessment of attribution to the SVR.”
In a statement on Friday morning, the Australian government said it also confirmed Russia was behind the SolarWinds attack and said it "condemns" the use of malicious cyber activity to "undermine international stability, security and public safety".
Discovered by cyber security company FireEye late last year, the SolarWinds campaign was a supply chain attack in which SVR hackers implanted malware in an update of the company's enterprise-level network monitoring service, Orion.
Because the malicious update was digitally signed and hid its network traffic through another Orion protocol, no one noticed the Russian trojans communicating with command and control servers. Inside some of the world’s most powerful companies and government agencies, the trojans monitored communications and interrupted system processes to gather intelligence and avoid detection.
In a speech on Thursday afternoon local time, Biden said he hoped the two superpowers could work out a “modus vivendi” – a way of living together in peace – and that he wanted to see geopolitical tension resolved diplomatically.
“My bottom line is this: where it is in the interest of the United States to work with Russia, we should and we will,” Biden said.
“Where Russia seeks to violate the interests of the United States, we will respond.”
Biden said he spoke with Russian President Vladimir Putin earlier in the week but did not say whether the Russian leader was willing to stop his country’s cyber activities.
Last September, in the lead-up to the US elections, Putin said he wanted to put an end to cyber warfare between the US and Russia.
“One of the main strategic challenges of our time is the risk of a large-scale confrontation in the digital sphere,” Putin said at the time.
“We would like to once again appeal to the United States with a proposal to approve a comprehensive program of practical measures to reset our relations in the use of information and communication technologies (ICT).”
Reds under the bed
Along with the bluster about sanctions, US intelligence agencies issued a joint warning about ongoing cyber espionage campaigns from the Russian SVR that leverage old vulnerabilities in Citrix, Fortinet, and VMware products.
Thursday’s sanctions also came with a warning from a White House official directing US firms to be wary of engaging with Russian IT services.
“The SVR’s compromise of SolarWinds and other companies highlights the risks posed by Russia’s efforts to target companies worldwide through supply chain exploitation,” the official said.
“Those efforts should serve as a warning about the risks of using information and communications technology and services supplied by companies that operate or store user data in Russia, or rely on software development or remote technical support by personnel in Russia.
“The US government strongly encourages all US companies using communications or technologies supplied by companies with ties to Russia to evaluate the security of their infrastructure and be aware of the potential for future US action that may affect their operation.”
One of the companies directly targeted by the sanction orders is Positive Technologies – a billion-dollar cyber security company that, like most firms in the industry, looks for software vulnerabilities and security flaws.
Crucially, Positive Technologies has worked closely with the Russian government for its cyber security needs over the past twenty years and, according to the MIT Technology Review, has developed offensive tools used by Russian intelligence.
Biden’s economic sanctions and the advisory from his intelligence agencies come in the same week as he made more appointments to senior cyber security positions.
The US is also seeking an extra US$110 million in funding for the Cybersecurity and Infrastructure Security Agency for 2022 alone.