- A Russian Advanced Persistent Threat group is likely behind the recent cyberattacks on government and non-government networks for intelligence gathering purposes, according to federal officials.
- The Cyber Unified Coordination Group (UCG) announced Tuesday that nearly ten U.S. government agencies experienced follow-on activity on their systems after being compromised through a malicious update to their SolarWinds Orion network monitoring platform. The UCG said it’s also working to identify and notify the nongovernment entities that experienced follow-on activity on their systems.
- “This is a serious compromise that will require a sustained and dedicated effort to remediate,” the UCG said in a joint statement. “We are taking all necessary steps to understand the full scope of this campaign and respond accordingly.”
- Moreover, the UCG’s assertion that the recent cyber compromises were part of an intelligence gathering effort is consistent with previous campaigns carried out by APT29.
- Prior to the SolarWinds hack, APT29 was most famous for hacking the State Department and White House hacks during the Obama years. APT29 also compromised the Democratic National Committee servers in 2015 but didn’t end up leaking the hacked DNC material. Instead, the Russian military spy agency GRU separately hacked the DNC and leaked its emails to WikiLeaks in 2016.
– Michael Novinson | January 5, 2021