The US government has formally accused the Russian Foreign Intelligence Service (SVR) of the SolarWinds hack, in which hackers gained access to the networks of many private US technology services and companies. In a brief statement on sanctions against Russia for actions against US interests, the White House said that the APT group "Cozy Bear" is behind this cyber espionage operation, which exploited the SolarWinds Orion platform. The US government also announced the expulsion of diplomats, as well as a number of other measures against Russia, in response to the catastrophic cyber attack and other malicious activities.
The White House statement confirms previous media reports citing unofficial sources that the SVR was behind the SolarWinds hack.
In early January, the Cyber Unified Coordination Group (UCG) attributed the cyber-attack to a Russian-backed hacking group, but did not give a specific name.
On April 15, the White House formally charged the SVR with conducting a "large-scale cyber espionage campaign" through Cozy Bear (also known as The Dukes or APT29).
"The US intelligence community has great confidence in its assessment of the effectiveness of the SVR attack", notes the White House report.
With the SolarWinds hack, the SVR gained access to more than 16,000 computers worldwide. However, this malicious campaign had specific targets, such as companies in the cybersecurity field (FireEye, Malwarebytes, Mimecast) and US government and federal agencies.
In a joint security advisory, the NSA, CISA and the FBI warn of the top five vulnerabilities that the SVR exploits in attacks against American interests. Organizations must take this warning into account and take the necessary measures to detect and protect against malicious activity carried out by the SVR.
On April 15, US President Joe Biden issued an executive order blocking property in connection with harmful activities by the government of the Russian Federation. Based on this mandate, the US Treasury Department has issued sanctions against the following Russian technology companies, because they helped the SVR, the Russian Federal Security Service (FSB) and the Russian Central Intelligence Agency (GRU) to carry out malicious cyber activities against the US.
- ERA Technopolis: Research center and technology park funded and operated by the Russian Ministry of Defense. ERA Technopolis houses and supports units of the Central Intelligence Agency of Russia (GRU) responsible for cyber-attacks.
- Pasit: Russia-based IT company conducting research and development to support SVR malicious cyber-operational services.
- SVA: Russian state research institute specializing in advanced IT systems located in Russia. SVA conducted research and development to support SVR malware.
- Neobit: St. Petersburg-based IT company, whose clients include the Russian Ministry of Defense, the SVR and the Russian Federal Security Service (FSB). Neobit conducted research and development to support online businesses conducted by FSB, GRU and SVR.
- AST: Russian IT company, whose clients include the Russian Ministry of Defense, SVR and FSB. AST provided technical support to cyber operations conducted by FSB, GRU and SVR.
- Positive Technologies: Russian IT company supporting clients of the Russian government, including FSB. Positive Technologies provides computer network security solutions to Russian companies, foreign governments and international companies and hosts large-scale contracts used as recruitment events for the FSB and GRU.
Companies and financial institutions in the United States can no longer cooperate with the aforementioned companies without first submitting an application and obtaining permission from the Office of External Assets Control (OFAC).
At the same time, the US Treasury Department announced that it had imposed sanctions on 32 natural and legal persons for their alleged involvement in the 2020 elections and "attempts by the Russian government to influence the 2020 elections through acts of misinformation and intervention."
The White House also announced the deportation of ten Russians from the diplomatic mission in Washington, who served as secret service agents under the guise of their diplomatic status.