The FBI, CISA, ODNI, and the NSA released a statement stating that Russia has orchestrated the SolarWinds attack. It was believed that the hackers were working with a foreign government, but the security agencies have pointed the blame to Russia.
The background to this attack is due to the software provider SolarWinds was breached and a malware-laced update was deployed on Orion software. Which infected networks across US companies and government entities. Which US Security firm FireEye reported on as many other outlets reported this massive attack.
FireEye's own network was even breached as the SolarWinds supply chain attack allowed the hackers to get into their network which around 10 US governmententitieswere breached and around 18,000 Orion customers as well.
The SolarWinds supply chain attack is also how hackers gained access to FireEye's own network, which the company disclosed earlier this week.
The Washington Post cited sources claiming that multiple other government agencies were also impacted.
Reuters reported that the incident was considered so serious that it led to a rare meeting of the US National Security Council at the White House.
Sources speaking with the Washington Post linked the intrusion to APT29, a codename used by the cyber-security industry to describe hackers associated with the Russian Foreign Intelligence Service (SVR).
FireEye didn't confirm the APT29 attribution and gave the group a neutral codename of UNC2452, although several sources in the cyber-security community with government entities confirming the APT29 attribution, done by the US government, is most likely correct, based on current evidence.
In security alerts sent to its customers in private on Sunday, Microsoft also confirmed the SolarWinds compromise and provided countermeasures to customers that may have been affected.
"The campaign is widespread, affecting public and private organizations around the world," FireEye said.
"The victims have included government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East. We anticipate there are additional victims in other countries and verticals," FireEye added.
This malware being tied to Russia is a big security concern across the US and its allied countries as it has breach public, private, and government entities across the board. It's gonna be tense to see how this plays out.