US intel says ‘fewer than 10’ government agencies affected by follow-on SolarWinds hack, ‘likely Russian in origin’

Among the approximately 18,000 corporations and agencies believed to be affected by the SolarWinds hack, “fewer than 10” government entities have been compromised in a follow-on attack, according to senior intelligence officials.

Director of National Intelligence John Ratcliffe has officially blamed Russia for the latest infiltration of SolarWinds, a tech firm that provides networking and security management services for many US government agencies. Rather than the usual “highly likely” used to delineate dodgy intel, however, Ratcliffe could only say the Kremlin’s responsibility was “likely” in remarks on Tuesday.

Ratcliffe insisted the infiltrations seem to be for “intelligence-gathering” only, and attempted to reassure the public that fewer than 10 government agencies had been further compromised.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks,” read a statement from a unified cyber coordination group comprising ODNI, NSA and CISA.

The cyber group “believes” that just a tiny fraction of the approximately 18,000 affected SolarWinds customers were targeted by any malicious follow-on activity. The megahack apparently went unnoticed by any government agency until private security firm FireEye reported it. In what would seem to be dumb luck rather than skill, the company noticed its own network being hacked and revealed the mammoth size of the breach.

Despite immediate claims of Russian technological aggression, FireEye admitted on Monday that the hack had actually come from within the US – ignominiously pouring cold water on Russiagate-style conspiracy-theorizing.

Like this story? Share it with a friend!