Leading U.S. security agencies on Tuesday assessed that Russia was "most likely" behind the cyber-espionage operation discovered in mid-December, contradicting Donald Trump, who had disputed that attribution. They also confirmed the severity of the attack.
At least ten U.S. government agencies and roughly 18,000 organisations, public bodies and private companies alike, have been affected, and the officially named culprit is "most likely" Russia. The main U.S. agencies concerned, the FBI, the NSA, CISA (the Cybersecurity and Infrastructure Security Agency) and the Office of the Director of National Intelligence (ODNI), published their findings on Tuesday, January 5. The wide-ranging cyber-espionage operation against the United States was discovered in mid-December and is "still ongoing", according to the joint statement.
The finger pointed at Moscow amounts to a rebuke of President Donald Trump. Shortly after the intrusion was discovered on December 17, he had disputed the Russian lead being put forward and sought to make China his prime suspect.
However, the U.S. agencies have provided no evidence to support the allegations against Russian cyber spies. That is not surprising: "The United States seldom provides evidence in such cases, so this should not be held against it," explains Ivan Kuvyatkovsky, a cybersecurity researcher at Kaspersky France, speaking to France 24.
For now, then, we have to take the Americans at their word. "Nothing has been made public so far, either by the intelligence services or by the private-sector partners taking part in the investigation, that would make it possible to point to Russia," says the Kaspersky researcher, who is actively working to trace the attack.
Beyond the political wrangling over the attack's origin, these official findings above all confirm its scale. "This is one of the largest cyber-espionage operations ever conducted in the United States," says Jerome Billois, a cybersecurity expert at the consulting firm Wavestone, speaking to France 24.
That is first of all because of the sophistication of the intrusion technique. The attackers took the time to identify the weak link among the software providers used by the U.S. administration. They settled on an American company, SolarWinds, which sells network-management software. Malicious code was planted in one of its products, Orion, which is used by nearly 40,000 companies and public bodies, including Microsoft, the State Department, the New York Times and telecommunications groups.
This first piece of malware was designed to reach customers' networks when they installed the tainted Orion update. About 18,000 of them did so, giving the attackers an entry point. But that is not all: the spies then singled out more than 250 organisations in which they installed further malware to monitor the entire network and, where useful, exfiltrate sensitive information.
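The update path described above is the trust boundary that was abused, and it is where a customer-side integrity check belongs. The Python below is an example added here; it is not code from the article, from SolarWinds or from any investigator. It accepts a downloaded package only when its SHA-256 matches an entry in a vendor manifest whose HMAC signature verifies. The package bytes, manifest and key are constructed for the example, and the manifest-signing scheme and out-of-band key are assumptions. The last scenario in the block shows the limit that matters for this story: if the attacker is inside the vendor's build pipeline, the vendor hashes and signs the implanted build itself and the check passes, which is why customers also need to monitor what the installed software actually does on the network.

```python
import hashlib
import hmac
from typing import Dict, Tuple

# Everything below is constructed for this example: the package bytes, the
# manifest and the key are not real SolarWinds or Orion artifacts.
# Assumption: the vendor publishes a signed manifest of package hashes over a
# channel independent of the download server, and the customer holds the
# manifest-signing key obtained out of band.
MANIFEST_KEY = b"example-out-of-band-manifest-key"

PACKAGE_NAME = "orion-update.msi"
GOOD_PACKAGE = b"orion-update-2020.2\x00legitimate build bytes"
TAMPERED_PACKAGE = GOOD_PACKAGE + b"\x00injected implant"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(manifest: Dict[str, str], key: bytes) -> str:
    """HMAC-SHA256 over a canonical, sorted serialisation of the manifest."""
    canonical = "\n".join(f"{name}={digest}" for name, digest in sorted(manifest.items()))
    return hmac.new(key, canonical.encode("utf-8"), hashlib.sha256).hexdigest()


def verify_update(name: str, package: bytes, manifest: Dict[str, str],
                  signature: str, key: bytes) -> Tuple[bool, str]:
    """Accept a downloaded package only if the manifest is authentic and the
    package hash matches the listed value. Returns (accepted, reason)."""
    if not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return False, "manifest signature mismatch"
    expected = manifest.get(name)
    if expected is None:
        return False, "package not listed in manifest"
    actual = sha256_hex(package)
    if not hmac.compare_digest(expected, actual):
        return False, "hash mismatch: expected %s..., got %s..." % (expected[:12], actual[:12])
    return True, "ok"


# Honest vendor release: manifest built from the clean package.
MANIFEST = {PACKAGE_NAME: sha256_hex(GOOD_PACKAGE)}
SIGNATURE = sign_manifest(MANIFEST, MANIFEST_KEY)

# Attacker who controls only the download server: swaps the package and
# rewrites the manifest entry, but cannot produce a valid manifest signature.
FORGED_MANIFEST = {PACKAGE_NAME: sha256_hex(TAMPERED_PACKAGE)}

# Attacker inside the vendor's build pipeline: the vendor itself hashes and
# signs the implanted build, so the customer-side check is satisfied.
COMPROMISED_VENDOR_SIGNATURE = sign_manifest(FORGED_MANIFEST, MANIFEST_KEY)


if __name__ == "__main__":
    cases = [
        ("clean package, genuine manifest", GOOD_PACKAGE, MANIFEST, SIGNATURE),
        ("tampered package, genuine manifest", TAMPERED_PACKAGE, MANIFEST, SIGNATURE),
        ("tampered package, forged manifest", TAMPERED_PACKAGE, FORGED_MANIFEST, SIGNATURE),
        ("tampered package signed by compromised vendor", TAMPERED_PACKAGE,
         FORGED_MANIFEST, COMPROMISED_VENDOR_SIGNATURE),
    ]
    for label, pkg, man, sig in cases:
        print(f"{label}: {verify_update(PACKAGE_NAME, pkg, man, sig, MANIFEST_KEY)}")
```

Running the file prints the four outcomes: only the first case and the last are accepted. The first is the normal path; the last is the supply-chain case, where hash pinning and signed manifests cannot help because the trusted party produced the tainted build. That is the gap that has to be covered by watching the product's behaviour after installation, not by checking it harder before.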
A severe setback for the United States
They got into some of the most important departments in the country: the State Department (the foreign ministry), the Treasury, Homeland Security, Commerce and Energy. The hackers were able to remain there from March 2020 without arousing suspicion. That is another feature that sets this espionage operation apart. "The quality of the victims counts for more here than their number," Ivan Kuvyatkovsky stresses.
Jerome Billois points to the human and technical resources needed to "constantly monitor the compromised networks and evade the detection measures of these departments" in order to pull off such an operation. "It is clear that this was a very significant undertaking for the country behind the attack," Ivan Kuvyatkovsky confirms.
For the United States, this is a serious setback. The case shows how weak the oversight of the software used by government departments can be. Since the first revelations about the attack, Jerome Billois recalls, "we know that the IT security of SolarWinds had already been called into question in the past."
The extent of the damage can also be read in what the agencies were careful not to say in their joint statement. "We do not know what information these spies may have obtained," the Wavestone expert underlines. Usually the authorities do everything they can to reassure, for example by saying that the attackers did not gain access to critical infrastructure or sensitive information. Nothing of the kind this time. "There are two possible explanations: either they do not know, which is already serious, or it is too sensitive to say publicly," Jerome Billois analyses.
Then there is the fact that, according to the authorities, the attack is not over. "What this means is that investigators are still identifying all the victims and making sure no trace of the spies remains anywhere," Ivan Kuvyatkovsky explains.
That is painstaking work. "Getting attackers out of a compromised network for good is often difficult," says the Kaspersky researcher. In particular, one has to make sure no other backdoors have been planted that would let the hackers quietly return after the first eviction. Such a clean-up "will not be finished by the end of the month", Ivan Kuvyatkovsky estimates. In other words, when the handover from Donald Trump to Joe Biden takes place on January 20, one or two Russian spies will still be roaming the virtual corridors of many government departments.