Article · Wikipedia archive · Last revised Jul 3, 2026

2020 United States federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.

Last revised
Jul 3, 2026
Read time
≈ 60 min
Length
13.8k w
Citations
559
Source
2020 United States federal government data breach
U.S. federal institutions reportedly breached. From top, clockwise: Defense,1 Labor,2 Energy,3 State,4 National Institutes of Health,5 Commerce,4 Homeland Security,4 Treasury,4 Agriculture,6 Justice7
Date
  • Before October 2019 (start of supply chain compromise)10
  • March 2020 (possible federal breach start date)1112
  • December 13, 2020 (breach acknowledged)1112
DurationAt least 88 or 9 months9
LocationUnited States, United Kingdom, Spain, Israel, United Arab Emirates, Canada, Mexico, others13
TypeCyberattack, data breach
ThemeMalware, backdoor, advanced persistent threat, espionage
Cause
TargetU.S. federal government, state and local governments, and private sector
First reporter
Suspects

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches.12829 The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access.35 Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches.13637 Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others.36

The attack, which had gone undetected for months, was first publicly reported on December 13, 2020,2526 and was initially only known to have affected the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce.42 In the following days, more departments and private organizations reported breaches.1536

The cyberattack that led to the breaches began no later than March 2020.1112 The attackers exploited software or credentials from at least three U.S. firms: Microsoft, SolarWinds, and VMware.4321 A supply chain attack on SolarWinds's Orion software, widely used in government and industry, provided an initial entry point.944 Microsoft cloud products provided another, allowing the attackers to also breach victims who were not SolarWinds customers.181920 Flaws in Microsoft and VMware products allowed the attackers to access emails and other documents,23241617 and to perform federated authentication across victim resources via single sign-on infrastructure.214546

In addition to the theft of data, the attack caused costly inconvenience to tens of thousands of SolarWinds customers, who had to check whether they had been breached, and had to take systems offline and begin months-long decontamination procedures as a precaution.4748 U.S. senator Richard J. Durbin described the cyberattack as tantamount to a declaration of war.494 President Donald Trump was silent for several days after the attack was publicly disclosed. He suggested that China, not Russia, might have been responsible for it, and that "everything is well under control".505152

Background

SolarWinds, a Texas-based provider of network monitoring software to the U.S. federal government, had shown several security shortcomings prior to the attack.5354 Cybercriminals had been selling access to SolarWinds's infrastructure since at least as early as 2017.5453 SolarWinds had been advising customers to disable antivirus tools before installing SolarWinds software.53 In November 2019, a security researcher had warned SolarWinds that their FTP server was not secure, warning that "any hacker could upload malicious [files]" that would then be distributed to SolarWinds customers.55535654 Furthermore, SolarWinds's Microsoft Office 365 account had been compromised, with the attackers able to access emails and possibly other documents.5758

On December 7, 2020, a few days before trojaned SolarWinds software was publicly confirmed to have been used to attack other organizations, longstanding SolarWinds CEO Kevin Thompson retired.5960 That same day, two private equity firms with ties to SolarWinds's board sold substantial amounts of stock in SolarWinds.59 The firms denied insider trading.5961

Methodology

Multiple attack vectors were used in the course of breaching the various victims of the incident.6263

SolarWinds exploit

This is classic espionage. It's done in a highly sophisticated way ... But this is a stealthy operation.

The attackers used a supply chain attack.64 The attackers accessed the build system belonging to the software company SolarWinds, possibly via SolarWinds's Microsoft Office 365 account, which had also been compromised at some point.65535758 SolarWinds was using build management and continuous integration server TeamCity provided by the Czech company JetBrains. In 2021 The New York Times stated that unknown parties apparently embedded malware in JetBrains' software and through this way compromised also SolarWinds.66

The attackers established a foothold in SolarWinds's software publishing infrastructure no later than September 2019.6768 In the build system, the attackers surreptitiously modified software updates provided by SolarWinds to users of its network monitoring software Orion.6970 The first known modification, in October 2019, was merely a proof of concept.10 Once the proof had been established, the attackers spent December 2019 to February 2020 setting up a command-and-control infrastructure.10

In March 2020, the attackers began to plant remote access tool malware into Orion updates, thereby trojaning them.944717273 These users included U.S. government customers in the executive branch, the military, and the intelligence services (see Impact section, below).1174 If a user installed the update, this would execute the malware payload, which would stay dormant for 12–14 days before attempting to communicate with one or more of several command-and-control servers.75767778 The communications were designed to mimic legitimate SolarWinds traffic.6579 If able to contact one of those servers, this would alert the attackers of a successful malware deployment and offer the attackers a back door that the attackers could choose to utilize if they wished to exploit the system further.7880 The malware started to contact command-and-control servers in April 2020, initially from North America and Europe and subsequently from other continents too.8178

The attackers appear to have utilized only a small fraction of the successful malware deployments: ones located within computer networks belonging to high-value targets.759 Once inside the target networks, the attackers pivoted, installing exploitation tools such as Cobalt strike components,8279 and seeking additional access.651 Because Orion was connected to customers' Office 365 accounts as a trusted 3rd-party application, the attackers were able to access emails and other confidential documents.83 This access apparently helped them to hunt for certificates that would let them sign SAML tokens, allowing them to masquerade as legitimate users to additional on-premises services and to cloud services like Microsoft Azure Active Directory.836584 Once these additional footholds had been obtained, disabling the compromised Orion software would no longer be sufficient to sever the attackers' access to the target network.58586 Having accessed data of interest, they encrypted and exfiltrated it.641

The attackers hosted their command-and-control servers on commercial cloud services from Amazon, Microsoft, GoDaddy and others.87 By using command-and-control IP addresses based in the U.S., and because much of the malware involved was new, the attackers were able to evade detection by Einstein, a national cybersecurity system operated by the Department of Homeland Security (DHS).77488

FBI investigators in February 2021 found that a separate flaw in software made by SolarWinds Corp was used by hackers tied to another foreign government to help break into U.S. government computers.89

Microsoft exploits

If you think about data that is only available to the CEO, or data that is only available to IT services, [the attacker would get] all of this data.

— Sami Ruohonen, F-Secure23

The attackers exploited flaws in Microsoft products, services, and software distribution infrastructure.23171120

In another supply chain attack, at least one reseller of Microsoft cloud services was compromised by the attackers, constituting a supply chain attack that allowed the attackers to access Microsoft cloud services used by the reseller's customers.181920

Alongside this, "Zerologon", a vulnerability in the Microsoft authentication protocol NetLogon, allowed attackers to access all valid usernames and passwords in each Microsoft network that they breached.2324 This allowed them to access additional credentials necessary to assume the privileges of any legitimate user of the network, which in turn allowed them to compromise Microsoft Office 365 email accounts.2324

Additionally, a flaw in Microsoft's Outlook Web App may have allowed attackers to bypass multi-factor authentication.161790

Attackers were found to have broken into Microsoft Office 365 in a way that allowed them to monitor NTIA and Treasury staff emails for several months.113991 This attack apparently used counterfeit identity tokens of some kind, allowing the attackers to trick Microsoft's authentication systems.399293 The presence of single sign-on infrastructure increased the viability of the attack.46

VMware exploits

Vulnerabilities in VMware Access and VMware Identity Manager, allowing existing network intruders to pivot and gain persistence, were utilized in 2020 by Russian state-sponsored attackers.2122 As of December 18, 2020, while it was definitively known that the SUNBURST trojan would have provided suitable access to exploit the VMware bugs, it was not yet definitively known whether attackers had in fact chained those two exploits in the wild.2122

Discovery

SolarWinds exploit

On December 8, 2020, the cybersecurity firm FireEye announced that red team tools had been stolen from it by what it believed to be a state-sponsored attacker.94959697 FireEye was believed to be a target of the SVR, Russia's Foreign Intelligence Service.2798 FireEye says that it discovered the SolarWinds supply chain attack in the course of investigating FireEye's own breach and tool theft.99100

After discovering that attack, FireEye reported it to the U.S. National Security Agency (NSA), a federal agency responsible for helping to defend the U.S. from cyberattacks.1 The NSA is not known to have been aware of the attack before being notified by FireEye.1 The NSA uses SolarWinds software itself.1

Some days later, on December 13, when breaches at the Treasury and Department of Commerce were publicly confirmed to exist, sources said that the FireEye breach was related.1127 On December 15, FireEye confirmed that the vector used to attack the Treasury and other government departments was the same one that had been used to attack FireEye: a trojaned software update for SolarWinds Orion.55101

The security community shifted its attention to Orion. The infected versions were found to be 2019.4 through 2020.2.1 HF1, released between March 2020 and June 2020.7182 FireEye named the malware SUNBURST.1415 Microsoft called it Solorigate.5315 The tool that the attackers used to insert SUNBURST into Orion updates was later isolated by cybersecurity firm CrowdStrike, who called it SUNSPOT.6710270

Subsequent analysis of the SolarWinds compromise using DNS data and reverse engineering of Orion binaries, by DomainTools and ReversingLabs respectively, revealed additional details about the attacker's timeline.10

July 2021 analysis published by the Google Threat Analysis Group found that a "likely Russian government-backed actor" exploited a zero-day vulnerability in fully-updated iPhones to steal authentication credentials by sending messages to government officials on LinkedIn.103

Microsoft exploits

During 2019 and 2020, cybersecurity firm Volexity discovered an attacker making suspicious usage of Microsoft products within the network of a think tank whose identity has not publicly been revealed.10410516 The attacker exploited a vulnerability in the organization's Microsoft Exchange Control Panel, and used a novel method to bypass multi-factor authentication.16 Later, in June and July 2020, Volexity observed the attacker utilizing the SolarWinds Orion trojan; i.e. the attacker used Microsoft vulnerabilities (initially) and SolarWinds supply chain attacks (later on) to achieve their goals.16 Volexity said it was not able to identify the attacker.16

Also in 2020, Microsoft detected attackers using Microsoft Azure infrastructure in an attempt to access emails belonging to CrowdStrike.106 That attack failed because - for security reasons - CrowdStrike does not use Office 365 for email.106

Separately, in or shortly before October 2020, Microsoft Threat Intelligence Center reported that an apparently state-sponsored attacker had been observed exploiting zerologon, a vulnerability in Microsoft's NetLogon protocol.2324 This was reported to CISA, who issued an alert on October 22, 2020, specifically warning state, local, territorial and tribal governments to search for indicators of compromise, and instructing them to rebuild their networks from scratch if compromised.23107 Using VirusTotal, The Intercept discovered continued indicators of compromise in December 2020, suggesting that the attacker might still be active in the network of the city government of Austin, Texas.23

VMware exploits

Some time before December 3, 2020, the NSA discovered and notified VMware of vulnerabilities in VMware Access and VMware Identity Manager.21 VMware released patches on December 3, 2020.21 On December 7, 2020, the NSA published an advisory warning customers to apply the patches because the vulnerabilities were being actively exploited by Russian state-sponsored attackers.21108

Responsibility

Conclusions by investigators

SolarWinds said it believed the malware insertion into Orion was performed by a foreign nation.1112 Russian-sponsored hackers were suspected to be responsible.1091125 U.S. officials stated that the specific groups responsible were probably the SVR or Cozy Bear (also known as APT29).2726 FireEye gave the suspects the placeholder name "UNC2452";6516 incident response firm Volexity called them "Dark Halo".16105 On December 23, 2020, the CEO of FireEye said Russia was the most likely culprit and the attacks were "very consistent" with the SVR.110 One security researcher offers the likely operational date, February 27, 2020, with a significant change of aspect on October 30, 2020.111

In January 2021, cybersecurity firm Kaspersky said SUNBURST resembles the malware Kazuar, which is believed to have been created by Turla,112102113114 a group known from 2008 that Estonian intelligence previously linked it to the Russian federal security service, FSB.11511689

Statements by U.S. government officials

On October 22, 2020, CISA and the FBI identified the Microsoft zerologon attacker as Berserk Bear, a state-sponsored group believed to be part of Russia's FSB.23

On December 18, U.S. Secretary of State Mike Pompeo said Russia was "pretty clearly" responsible for the cyber attack.117118119

On December 19, U.S. president Donald Trump publicly addressed the attacks for the first time, downplaying its severity and suggesting without evidence that China, rather than Russia, might be responsible.515011952 The same day, Republican senator Marco Rubio, acting chair of the Senate Intelligence Committee, said it was "increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history."37120

On December 20, Democratic senator Mark Warner, briefed on the incident by intelligence officials, said "all indications point to Russia."121

On December 21, 2020, former Attorney General William Barr said that he agreed with Pompeo's assessment of the origin of the cyberhack and that it "certainly appears to be the Russians," contradicting Trump.122123124

On January 5, 2021, CISA, the FBI, the NSA, and the Office of the Director of National Intelligence, all confirmed that they believe Russia was the most likely culprit.125126127 On June 10, 2021, FBI Director Christopher Wray attributed the attack to Russia's SVR specifically.128

Denial of involvement

The Russian government said that it was not involved.129

The Chinese foreign ministry said in a statement, "China resolutely opposes and combats any form of cyberattacks and cyber theft."89

Impact

SolarWinds said that of its 300,000 customers, 33,000 use Orion.1 Of these, around 18,000 government and private users downloaded compromised versions.15130

Discovery of the breaches at the U.S. Treasury and Commerce Departments immediately raised concerns that the attackers would attempt to breach other departments, or had already done so.9225 Further investigation proved these concerns to be well-founded.1 Within days, additional federal departments were found to have been breached.11316 Reuters quoted an anonymous U.S. government source as saying: “This is a much bigger story than one single agency. This is a huge cyber espionage campaign targeting the U.S. government and its interests.”11

Compromised versions were known to have been downloaded by the Centers for Disease Control and Prevention, the Justice Department, and some utility companies.1 Other prominent U.S. organizations known to use SolarWinds products, though not necessarily Orion, were the Los Alamos National Laboratory, Boeing, and most Fortune 500 companies.1132 Outside the U.S., reported SolarWinds clients included parts of the British government, including the Home Office, National Health Service, and signals intelligence agencies; the North Atlantic Treaty Organization (NATO); the European Parliament; and likely AstraZeneca.536 FireEye said that additional government, consulting, technology, telecom and extractive entities in North America, Europe, Asia and the Middle East may also have been affected.5

Through a manipulation of software keys, the hackers were able to access the email systems used by the Treasury Department's highest-ranking officials. This system, although unclassified, is highly sensitive because of the Treasury Department's role in making decisions that move the market, as well as decisions on economic sanctions and interactions with the Federal Reserve.124

Simply downloading a compromised version of Orion was not necessarily sufficient to result in a data breach; further investigation was required in each case to establish whether a breach resulted.1133 These investigations were complicated by: the fact that the attackers had in some cases removed evidence;62 the need to maintain separate secure networks as organizations' main networks were assumed to be compromised;62 and the fact that Orion was itself a network monitoring tool, without which users had less visibility of their networks.64 As of mid-December 2020, those investigations were ongoing.15

As of mid-December 2020, U.S. officials were still investigating what was stolen in the cases where breaches had occurred, and trying to determine how it could be used.11134 Commentators said that the information stolen in the attack would increase the perpetrator's influence for years to come.5713578 Possible future uses could include attacks on hard targets like the CIA and NSA,4 or using blackmail to recruit spies.136 Cyberconflict professor Thomas Rid said the stolen data would have myriad uses.134 He added that the amount of data taken was likely to be many times greater than during Moonlight Maze, and if printed would form a stack far taller than the Washington Monument.134

Even where data was not exfiltrated, the impact was significant.48 The Cybersecurity and Infrastructure Security Agency (CISA) advised that affected devices be rebuilt from trusted sources, and that all credentials exposed to SolarWinds software should be considered compromised and should therefore be reset.137 Anti-malware companies additionally advised searching log files for specific indicators of compromise.138139140

However, it appeared that the attackers had deleted or altered records, and may have modified network or system settings in ways that could require manual review.62141 Former Homeland Security Advisor Thomas P. Bossert warned that it could take years to evict the attackers from US networks, leaving them able to continue to monitor, destroy or tamper with data in the meantime.47 Harvard's Bruce Schneier, and NYU's Pano Yannakogeorgos, founding dean of the Air Force Cyber College, said that affected networks may need to be replaced completely.142143

The Justice Department disclosed in July 2021 that 27 of its federal prosecutors' offices around the country had been affected, including 80% of Microsoft email accounts breached in four New York offices. Two of the offices, in Manhattan and Brooklyn, handle many prominent investigations of white-collar crime, as well as of people close to former president Trump.144145

List of confirmed connected data breaches

U.S. federal government

Branch Institution Affected part(s) include Assets accessed Sources
Executive Department of Agriculture National Finance Center 61468414714889
Department of Commerce National Telecommunications and Information Administration 1491150151767871147152153148154155
Department of Defense Parts of The Pentagon, National Security Agency, Defense Information Systems Agency 1156154155157158
Department of Energy National Nuclear Security Administration 3159160161162152153148154163155
Department of Health and Human Services National Institutes of Health 15671153148
Department of Homeland Security Cybersecurity and Infrastructure Security Agency e-mails of top officials 1511507678711147153148164165
Department of Justice ~3000 Microsoft Office 365-hosted email accounts 1667167168169170144
Department of Labor Bureau of Labor Statistics 2
Department of State 115671153148155
United States Department of Transportation Federal Aviation Administration 157
Department of the Treasury 115015614976787114715215314846155
Judicial Administrative Office of the United States Courts Case Management/Electronic Case Files Court documents, including sealed case files 171172173174175176177178179

U.S. state and local governments

Department Affected part(s) include Sources
Arizona Pima County 180181
California California Department of State Hospitals 182
Ohio Kent State University 182
Texas City of Austin 23

Private sector

Organization Assets accessed Sources
Belkin 182
Cisco Systems 183184185153181
Cox Communications 18010186181
Equifax 185
Fidelis 187
FireEye
  • Red team tools
1511567671
Malwarebytes 188189190
Microsoft
431611911921931941953196197185153154155164198199200201202203204
Mimecast 205206207208209210
Nvidia 182
Palo Alto Networks 187
Qualys 187
SolarWinds 15115676197196
A think tank (unnamed as of December 15, 2020) 161331051790127
VMware 182

Investigations and responses

Technology companies and business

On December 8, 2020, before other organizations were known to have been breached, FireEye published countermeasures against the red team tools that had been stolen from FireEye.98211

On December 15, 2020, Microsoft announced that SUNBURST, which only affects Windows platforms, had been added to Microsoft's malware database and would, from December 16 onwards, be detected and quarantined by Microsoft Defender.21271

GoDaddy handed ownership to Microsoft of a command-and-control domain used in the attack, allowing Microsoft to activate a killswitch in the SUNBURST malware, and to discover which SolarWinds customers were infected.55

On December 14, 2020, the CEOs of several American utility companies convened to discuss the risks posed to the power grid by the attacks.1 On December 22, 2020, the North American Electric Reliability Corporation asked electricity companies to report their level of exposure to SolarWinds software.213

SolarWinds unpublished its featured customer list after the hack,214 although as of December 15, cybersecurity firm GreyNoise Intelligence said SolarWinds had not removed the infected software updates from its distribution server.5557215

Around January 5, 2021, SolarWinds investors filed a class action lawsuit against the company in relation to its security failures and subsequent fall in share price.216217 Soon after, SolarWinds hired a new cybersecurity firm co-founded by Krebs.218

The Linux Foundation pointed out that if Orion had been open source, users would have been able to audit it, including via reproducible builds, making it much more likely that the malware payload would have been spotted.219

U.S. government

On December 18, 2020, U.S. Secretary of State Mike Pompeo said that some details of the event would likely be classified so as not to become public.69

Security agencies

On December 12, 2020, a National Security Council (NSC) meeting was held at the White House to discuss the breach of federal organizations.11 On December 13, 2020, CISA issued an emergency directive asking federal agencies to disable the SolarWinds software, to reduce the risk of additional intrusions, even though doing so would reduce those agencies' ability to monitor their computer networks.1137 The Russian government said that it was not involved in the attacks.220

On December 14, 2020, the Department of Commerce confirmed that it had asked the CISA and the FBI to investigate.1127221 The NSC activated Presidential Policy Directive 41, an Obama-era emergency plan, and convened its Cyber Response Group.222223 The U.S. Cyber Command threatened swift retaliation against the attackers, pending the outcome of investigations.224

The DOE helped to compensate for a staffing shortfall at CISA by allocating resources to help the Federal Energy Regulatory Commission (FERC) recover from the cyberattack.15964160 The FBI, CISA, and the Office of the Director of National Intelligence (ODNI) formed a Cyber Unified Coordination Group (UCG) to coordinate their efforts.225

On December 24, 2020, CISA said state and local government networks, in addition to federal ones, and other organizations, had been impacted by the attack, but did not provide further details.226

The Cyber Safety Review Board did not investigate the underlying weakness.227

Congress

The Senate Armed Services Committee's cybersecurity subcommittee was briefed by Defense Department officials.86 The House Committee on Homeland Security and House Committee on Oversight and Reform announced an investigation.43 Marco Rubio, acting chair of the Senate Intelligence Committee, said the U.S. must retaliate, but only once the perpetrator is certain.228 The committee's vice-chairman, Mark Warner, criticized President Trump for failing to acknowledge or react to the hack.229

Senator Ron Wyden called for mandatory security reviews of software used by federal agencies.151147

On December 22, 2020, after U.S. Treasury Secretary Steven Mnuchin told reporters that he was "completely on top of this", the Senate Finance Committee was briefed by Microsoft that dozens of Treasury email accounts had been breached, and the attackers had accessed systems of the Treasury's Departmental Offices division, home to top Treasury officials.46124 Senator Wyden said that the briefing showed that the Treasury "still does not know all of the actions taken by hackers, or precisely what information was stolen".46124

On December 23, 2020, Senator Bob Menendez asked the State Department to end its silence about the extent of its breach, and Senator Richard Blumenthal asked the same of the Veterans Administration.230231

The judiciary

The Administrative Office of the United States Courts initiated an audit, with DHS, of the U.S. Judiciary's Case Management/Electronic Case Files (CM/ECF) system.171178 It stopped accepting highly sensitive court documents to the CM/ECF, requiring those instead to be accepted only in paper form or on airgapped devices.173174175

President Trump

President Donald Trump made no comment on the hack for days after it was reported, leading Senator Mitt Romney to decry his "silence and inaction".232 On December 19, Trump publicly addressed the attacks for the first time; he downplayed the hack, contended that the media had overblown the severity of the incident, said that "everything is well under control"; and proposed, without evidence, that China, rather than Russia, might be responsible for the attack. Trump then pivoted to insisting that he had won the 2020 presidential election.5011911751233 He speculated, without evidence, that the attack might also have involved a "hit" on voting machines, part of a long-running campaign by Trump to falsely assert that he won the 2020 election. Trump's claim was rebutted by former CISA director Chris Krebs, who pointed out that Trump's claim was not possible.1233234 Adam Schiff, chair of the House Intelligence Committee, described Trump's statements as dishonest,235 calling the comment a "scandalous betrayal of our national security" that "sounds like it could have been written in the Kremlin."233

Former Homeland Security Advisor Thomas P. Bossert said, "President Trump is on the verge of leaving behind a federal government, and perhaps a large number of major industries, compromised by the Russian government," and noted that congressional action, including via the National Defense Authorization Act would be required to mitigate the damage caused by the attacks.3023647

President Biden

Then president-elect Joe Biden said he would identify and penalize the attackers.633 Biden's incoming chief of staff, Ron Klain, said the Biden administration's response to the hack would extend beyond sanctions.237 On December 22, 2020, Biden reported that his transition team was still being denied access to some briefings about the attack by Trump administration officials.238239

In January 2021, Biden named appointees for two relevant White House positions: Elizabeth Sherwood-Randall as homeland security adviser, and Anne Neuberger as deputy national security adviser for cyber and emerging technology.240

In March 2021, the Biden administration expressed growing concerns over the hack, and White House Press Secretary Jen Psaki called it “an active threat”.241 Meanwhile The New York Times reported that the US government was planning economic sanctions as well as "a series of clandestine actions across Russian networks" in retaliation.242

On April 15, 2021, the United States expelled 10 Russian diplomats and issued sanctions against 6 Russian companies that support its cyber operations, as well as 32 individuals and entities for their role in the hack and in Russian interference in the 2020 United States elections.243244245

Rest of the world

NATO said that it was "currently assessing the situation, with a view to identifying and mitigating any potential risks to our networks."36 On December 18, the United Kingdom National Cyber Security Centre said that it was still establishing the attacks' impact on the UK.246 The UK and Irish cybersecurity agencies published alerts targeting SolarWinds customers.129

On December 23, 2020, the UK Information Commissioner's Office – a national privacy authority – told UK organizations to check immediately whether they were impacted.110247

On December 24, 2020, the Canadian Centre for Cyber Security asked SolarWinds Orion users in Canada to check for system compromises.248249

Cyber espionage or cyberattack?

The attack prompted a debate on whether the hack should be treated as cyber espionage, or as a cyberattack constituting an act of war.250 Most current and former U.S. officials considered the 2020 Russian hack to be a "stunning and distressing feat of espionage" but not a cyberattack because the Russians did not appear to destroy or manipulate data or cause physical damage (for example, to the electrical grid).251 Erica Borghard of the Atlantic Council and Columbia's Saltzman Institute and Jacquelyn Schneider of the Hoover Institution and Naval War College argued that the breach was an act of espionage that could be responded to with "arrests, diplomacy, or counterintelligence" and had not yet been shown to be a cyberattack, a classification that would legally allow the U.S. to respond with force.252 Law professor Jack Goldsmith wrote that the hack was a damaging act of cyber-espionage but "does not violate international law or norms" and wrote that "because of its own practices, the U.S. government has traditionally accepted the legitimacy of foreign governmental electronic spying in U.S. government networks."253 Law professor Michael Schmitt concurred, citing the Tallinn Manual.254

By contrast, Microsoft president Brad Smith termed the hack a cyberattack,251 stating that it was "not 'espionage as usual,' even in the digital age" because it was "not just an attack on specific targets, but on the trust and reliability of the world's critical infrastructure."255256 U.S. Senator Richard J. Durbin (D-IL) described the attack as tantamount to a declaration of war.494

Debate on possible U.S. responses

Writing for Wired, Borghard and Schneider opined that the U.S. "should continue to build and rely on strategic deterrence to convince states not to weaponize the cyber intelligence they collect". They also stated that because deterrence may not effectively discourage cyber-espionage attempts by threat actors, the U.S. should also focus on making cyber-espionage less successful through methods such as enhanced cyber-defenses, better information-sharing, and "defending forward" (reducing Russian and Chinese offensive cyber-capabilities).252

Writing for The Dispatch, Goldsmith wrote that the failure of defense and deterrence strategies against cyber-intrusion should prompt consideration of a "mutual restraint" strategy, "whereby the United States agrees to curb certain activities in foreign networks in exchange for forbearance by our adversaries in our networks."253

Cybersecurity author Bruce Schneier advocated against retaliation or increases in offensive capabilities, proposing instead the adoption of a defense-dominant strategy and ratification of the Paris Call for Trust and Security in Cyberspace or the Global Commission on the Stability of Cyberspace.257

In the New York Times, Paul Kolbe, former CIA agent and director of the Intelligence Project at Harvard's Belfer Center for Science and International Affairs, echoed Schneier's call for improvements in the U.S.'s cyberdefenses and international agreements. He also noted that the US is engaged in similar operations against other countries in what he described as an ambient cyber-conflict.258

See also

See also

References

References

  1. Sanger, David E.; Perlroth, Nicole; Schmitt, Eric (December 15, 2020). "Scope of Russian Hack Becomes Clear: Multiple U.S. Agencies Were Hit". The New York Times. Archived from the original on December 18, 2020. Retrieved December 15, 2020.
  2. Morath, Eric; Cambon, Sarah Chaney (January 14, 2021). "SolarWinds Hack Leaves Market-Sensitive Labor Data Intact, Scalia Says". The Wall Street Journal. Archived from the original on June 7, 2021. Retrieved January 14, 2021.
  3. Turton, William; Riley, Michael; Jacobs, Jennifer (December 17, 2020). "Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed". Bloomberg L.P. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  4. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (December 16, 2020). "Billions Spent on U.S. Defenses Failed to Detect Giant Russian Hack". The New York Times. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  5. Stubbs, Jack; Satter, Raphael; Menn, Joseph (December 15, 2020). "U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack". Reuters. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  6. Fung, Brian. "Why the US government hack is literally keeping security experts awake at night". CNN. Archived from the original on December 17, 2020. Retrieved December 18, 2020.
  7. Goodin, Dan (January 7, 2021). "DoJ says SolarWinds hackers breached its Office 365 system and read email". Ars Technica. Archived from the original on February 7, 2021. Retrieved January 11, 2021.
  8. "SolarWinds Orion: More US government agencies hacked". BBC. December 15, 2020. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  9. Timberg, Craig; Nakashima, Ellen (December 14, 2020). "Russian hack was 'classic espionage' with stealthy, targeted tactics". The Washington Post. Archived from the original on December 14, 2020. Retrieved December 18, 2020.
  10. Kovacs, Eduard (December 18, 2020). "SolarWinds Likely Hacked at Least One Year Before Breach Discovery". SecurityWeek.com. Archived from the original on February 18, 2021. Retrieved December 18, 2020.
  11. Bing, Christopher (December 14, 2020). "Suspected Russian hackers spied on U.S. Treasury emails – sources". Reuters. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  12. O'Brien, Matt; Bajak, Frank (December 15, 2020). "EXPLAINER: How bad is the hack that targeted US agencies?". Houston Chronicle. Archived from the original on December 14, 2020. Retrieved December 15, 2020.
  13. Cook, James (December 18, 2020). "Microsoft warns UK companies were targeted by SolarWinds hackers". The Telegraph. Archived from the original on April 19, 2021. Retrieved December 21, 2020.
  14. Cimpanu, Catalin (December 14, 2020). "Microsoft, FireEye confirm SolarWinds supply chain attack". ZDNet. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  15. Block, Bar (December 16, 2020). "Sunburst Trojan – What You Need to Know". Deep Instinct. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  16. Kovacs, Eduard (December 15, 2020). "Group Behind SolarWinds Hack Bypassed MFA to Access Emails at US Think Tank". SecurityWeek.com. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  17. Goodin, Dan (December 15, 2020). "SolarWinds hackers have a clever way to bypass multi-factor authentication". Ars Technica. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  18. Nakashima, Ellen (December 24, 2020). "Russian hackers compromised Microsoft cloud customers through third party, putting emails and other data at risk". The Washington Post. Retrieved December 25, 2020.
  19. Menn, Joseph; Satter, Raphael (December 24, 2020). "Suspected Russian hackers used Microsoft vendors to breach customers". Reuters.
  20. "Russians Are Believed to Have Used Microsoft Resellers in Cyberattacks (Published 2020)". The New york Times. December 25, 2020. Retrieved June 10, 2025.
  21. "VMware Flaw a Vector in SolarWinds Breach?". Krebs on Security. December 7, 2020. Archived from the original on March 11, 2021. Retrieved December 18, 2020.
  22. Bass, Dina; Wittenstein, Jeran (December 18, 2020). "VMware Falls on Report Its Software Led to SolarWinds Breach". Bloomberg.com. Archived from the original on March 26, 2021. Retrieved December 18, 2020.
  23. Hvistendahl, Mara; Lee, Micah; Smith, Jordan (December 17, 2020). "Russian Hackers Have Been Inside Austin City Network for Months". The Intercept. Archived from the original on December 17, 2020. Retrieved December 18, 2020.
  24. Lyngaas, Sean (September 21, 2020). "CISA orders agencies to quickly patch critical Netlogon bug". CyberScoop. Archived from the original on October 30, 2020. Retrieved December 18, 2020.
  25. Bing, Christopher (December 13, 2020). "REFILE-EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government – sources". Reuters. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  26. Nakashima, Ellen (December 13, 2020). "Russian government spies are behind a broad hacking campaign that has breached U.S. agencies and a top cyber firm". The Washington Post. Archived from the original on December 13, 2020. Retrieved December 14, 2020.
  27. "Federal government breached by Russian hackers who targeted FireEye". NBC News. December 14, 2020. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  28. "US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo". BBC. December 19, 2020. Archived from the original on May 27, 2021. Retrieved December 19, 2020.
  29. Kantchev, Georgi; Strobel, Warren P. (January 2, 2021). "How Russia's 'Info Warrior' Hackers Let Kremlin Play Geopolitics on the Cheap". Wall Street Journal. ISSN 0099-9660. ProQuest 2474544289. Archived from the original on January 8, 2021. Retrieved January 5, 2021.
  30. Bossert, Thomas P. (December 17, 2020). "Opinion | I Was the Homeland Security Adviser to Trump. We're Being Hacked". The New York Times. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  31. Sebenius, Alyza; Mehrotra, Kartikay; Riley, Michael (December 14, 2020). "U.S. Agencies Exposed in Attack by Suspected Russian Hackers". Bloomberg.com. Bloomberg L.P. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  32. Fox, Ben (December 17, 2020). "Cyber attack may be 'worst hacking case in the history of America'". Las Vegas Review-Journal. Associated Press. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  33. Riotta, Chris (December 17, 2020). "US under major active cyberattack from Russia, Trump's former security adviser warns". The Independent. New York. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  34. Paul, Kari; Beckett, Lois (December 18, 2020). "What we know – and still don't – about the worst-ever US government cyber-attack". The Guardian. Archived from the original on December 20, 2020. Retrieved December 20, 2020.
  35. 3031323334
  36. Gallagher, Ryan; Donaldson, Kitty (December 14, 2020). "U.K. Government, NATO Join U.S. in Monitoring Risk From Hack". Bloomberg.com. Bloomberg L.P. Archived from the original on December 15, 2020. Retrieved December 16, 2020.
  37. Turton, William (December 19, 2020). "At Least 200 Victims Identified in Suspected Russian Hacking". Bloomberg. Archived from the original on April 6, 2021. Retrieved December 20, 2020.
  38. Macias, Amanda (December 13, 2020). "White House acknowledges reports of cyberattack on U.S. Treasury by foreign government". CNBC. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  39. Sanger, David E. (December 13, 2020). "Russian Hackers Broke Into Federal Agencies, U.S. Officials Suspect". The New York Times. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  40. Rosenberg, Adam (December 13, 2020). "Russian government-backed hackers breached the U.S. Treasury, Commerce departments". Mashable. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  41. Wade, Peter (December 13, 2020). "Treasury, Commerce, Other Agencies Hacked by Russian Government Spies, Report Says". Rolling Stone. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  42. 2638394041
  43. Menn, Joseph (December 18, 2020). "Microsoft says it found malicious software in its systems". Reuters. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  44. Wolff, Josephine (December 16, 2020). "What We Do and Don't Know About the Massive Federal Government Hack". Slate. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  45. Cimpanu, Catalin (December 18, 2020). "NSA warns of federated login abuse for local-to-cloud attacks". Zero Day. Ziff-Davis. Archived from the original on February 9, 2021. Retrieved December 19, 2020.
  46. Satter, Raphael (December 22, 2020). "'Dozens of email accounts' were hacked at U.S. Treasury -Senator Wyden". Reuters. Archived from the original on July 25, 2022. Retrieved March 25, 2023.
  47. Porter, Tom (December 17, 2020). "It could take years to evict Russia from the US networks it hacked, leaving it free to destroy or tamper with data, ex-White House official warns". Business Insider. Archived from the original on August 8, 2022. Retrieved March 24, 2023.
  48. Barth, Bradley (December 15, 2020). "Here are the critical responses required of all businesses after SolarWinds supply-chain hack". SC Media. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  49. Gould, Joe (December 17, 2020). "No. 2 Senate Democrat decries alleged Russian hack as 'virtual invasion'". Defense News. Archived from the original on January 31, 2021. Retrieved December 21, 2020.
  50. Axelrod, Tal (December 19, 2020). "Trump downplays impact of hack, questions whether Russia involved". The Hill. Archived from the original on April 26, 2021. Retrieved December 19, 2020. "The Cyber Hack is far greater in the Fake News Media than in actuality. I have been fully briefed and everything is well under control. Russia, Russia, Russia is the priority chant when anything happens because Lamestream is, for mostly financial reasons, petrified of discussing the possibility that it may be China (it may!)," Trump tweeted.
  51. Colvin, Jill; Lee, Matthew (December 19, 2020). "Trump downplays Russia in first comments on hacking campaign". Associated Press. Archived from the original on February 23, 2021. Retrieved December 20, 2020.
  52. Stracqualursi, Veronica; Liptak, Kevin; Hansler, Jennifer (December 19, 2020). "Trump downplays massive cyber hack on government after Pompeo links attack to Russia". CNN. Archived from the original on May 13, 2021. Retrieved December 19, 2020.
  53. Seals, Tara (December 16, 2020). "The SolarWinds Perfect Storm: Default Password, Access Sales and More". Threat Post. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  54. Satter, Raphael; Bing, Christopher; Menn, Joseph (December 16, 2020). "Hackers used SolarWinds' dominance against it in sprawling spy campaign". Reuters. Archived from the original on December 17, 2020. Retrieved December 16, 2020.
  55. "SolarWinds Hack Could Affect 18K Customers". Krebs on Security. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  56. Varghese, Sam (December 15, 2020). "SolarWinds FTP credentials were leaking on GitHub in November 2019". itwire.com. Archived from the original on December 15, 2020. Retrieved December 17, 2020.
  57. McCarthy, Kieren (December 15, 2020). "SolarWinds: Hey, only as many as 18,000 customers installed backdoored software linked to US govt hacks". The Register. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  58. Claburn, Thomas (December 16, 2020). "We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'". The Register. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  59. Novet, Jordan (December 16, 2020). "SolarWinds hack has shaved 23% from software company's stock this week". CNBC. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  60. McCarthy, Kieren (December 16, 2020). "SolarWinds' shares drop 22 per cent. But what's this? $286m in stock sales just before hack announced?". The Register. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  61. "SolarWinds falls under scrutiny after hack, stock sales". MarketWatch. Associated Press. December 16, 2020. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  62. Menn, Joseph (December 18, 2020). "Microsoft says it found malicious software in its systems". Reuters. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  63. Sanger, David E.; Perlroth, Nicole (December 17, 2020). "More Hacking Attacks Found as Officials Warn of 'Grave Risk' to U.S. Government". The New York Times. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  64. Newman, Lily Hay (December 14, 2020). "No One Knows How Deep Russia's Hacking Rampage Goes". Wired. Archived from the original on December 17, 2020. Retrieved December 16, 2020.
  65. Goodin, Dan (December 14, 2020). "~18,000 organizations downloaded backdoor planted by Cozy Bear hackers". Ars Technica. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  66. Perlroth, Nicole; Sanger, David E.; Barnes, Julian E. (January 6, 2021). "Widely Used Software Company May Be Entry Point for Huge U.S. Hacking". The New York Times. ISSN 0362-4331. Archived from the original on May 31, 2021. Retrieved June 30, 2022.
  67. Cimpanu, Catalin (January 12, 2021). "Third malware strain discovered in SolarWinds supply chain attack". ZDNet. Archived from the original on March 18, 2021. Retrieved January 13, 2021.
  68. Sebastian, Dave (January 12, 2021). "SolarWinds Discloses Earlier Evidence of Hack". WSJ. Archived from the original on June 7, 2021. Retrieved January 13, 2021.
  69. Sharwood, Simon (December 20, 2020). "Trump administration says Russia behind SolarWinds hack. Trump himself begs to differ". The Register. Archived from the original on February 1, 2021. Retrieved December 21, 2020.
  70. Corfield, Gareth (January 12, 2021). "SolarWinds malware was sneaked out of the firm's Orion build environment 6 months before anyone realised it was there – report". The Register. Archived from the original on March 2, 2021. Retrieved January 13, 2021.
  71. Cimpanu, Catalin (December 15, 2020). "Microsoft to quarantine SolarWinds apps linked to recent hack". ZDNet. Archived from the original on December 17, 2020. Retrieved March 25, 2023.
  72. Lyons, Kim (December 13, 2020). "Hackers backed by Russian government reportedly breached US government agencies". The Verge. Archived from the original on December 14, 2020. Retrieved December 15, 2020.
  73. "CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products" (Press release). CISA. December 13, 2020. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  74. Sebbenius, Alyza; Mehrotra, Kartikay; Riley, Michael. "U.S. Government Agencies Hit by Hackers During Software Update". MSN. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  75. Cimpanu, Catalin (December 15, 2020). "Microsoft and industry partners seize key domain used in SolarWinds hack". ZDNet. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  76. Seals, Tara (December 14, 2020). "DHS Among Those Hit in Sophisticated Cyberattack by Foreign Adversaries – Report". Threat Post. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  77. Timberg, Craig; Nakashima, Ellen (December 16, 2020). "Russians outsmart US government hacker detection system — but Moscow denies involvement". The Independent. Archived from the original on December 18, 2020. Retrieved December 16, 2016.
  78. Tidy, Joe (December 16, 2020). "SolarWinds: Why the Sunburst hack is so serious". BBC. Archived from the original on December 16, 2020. Retrieved December 18, 2020.
  79. Gilberti, Nick (December 14, 2020). "SolarWinds Orion and UNC2452 – Summary and Recommendations". TrustedSec. Archived from the original on December 15, 2020. Retrieved December 17, 2020.
  80. Abrams, Lawrence (December 16, 2020). "FireEye, Microsoft create kill switch for SolarWinds backdoor". BleepingComputer. Archived from the original on December 17, 2020. Retrieved December 18, 2020.
  81. TTadeusz, Malavika Balachandran; Kipp, Jesse (December 16, 2020). "Trend data on the SolarWinds Orion compromise". The Cloudflare Blog. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  82. Uchill, Joe (December 14, 2020). "After high profile hacks hit federal agencies, CISA demands drastic SolarWinds mitigation". SC Media. Archived from the original on December 15, 2020. Retrieved December 17, 2020.
  83. Hines, Matt (December 17, 2020). "Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack". CipherCloud. Archived from the original on August 28, 2021. Retrieved March 24, 2023.
  84. Cohen, Zachary; Marquardt, Alex; Fung, Brian (December 16, 2020). "Massive hack of US government launches search for answers as Russia named top suspect". CNN. Archived from the original on December 5, 2021. Retrieved March 24, 2023.
  85. Dorfman, Zach (December 15, 2020). "What we know about Russia's sprawling hack into federal agencies". Axios. Archived from the original on December 15, 2020. Retrieved December 16, 2020.
  86. Miller, Maggie (December 16, 2020). "Schiff calls for 'urgent' work to defend nation in the wake of massive cyberattack". The Hill. Archived from the original on January 16, 2023. Retrieved March 24, 2023.
  87. "Unraveling Network Infrastructure Linked to the SolarWinds Hack". DomainTools. December 14, 2020. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  88. Timberg, Craig; Nakashima, Ellen. "The U.S. government spent billions on a system for detecting hacks. The Russians outsmarted it". The Washington Post. Archived from the original on December 29, 2022. Retrieved March 24, 2023.
  89. Menn, Christopher Bing, Jack Stubbs, Raphael Satter, Joseph (February 3, 2021). "Exclusive: Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency – sources". Reuters. Archived from the original on May 5, 2021. Retrieved February 8, 2021.{{cite news}}: CS1 maint: multiple names: authors list (link)
  90. Schneier, Bruce (December 15, 2020). "How the SolarWinds Hackers Bypassed Duo's Multi-Factor Authentication". Schneier on Security. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  91. Massie, Graeme (December 13, 2020). "Russian government hackers behind breach at US treasury and commerce departments". The Independent. Los Angeles. Archived from the original on December 13, 2020. Retrieved December 14, 2020.
  92. "US treasury hacked by foreign government group – report". The Guardian. Reuters. December 13, 2020. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  93. "Foreign government hacked into US Treasury Department's emails – reports". Sky News. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  94. Fireeye. "Unauthorized Access of FireEye Red Team Tools". Mandiant Blog. Fireeye (Mandiant). Retrieved September 18, 2023.
  95. "Hackers backed by foreign government reportedly steal info from US Treasury". The Times of Israel. December 13, 2020. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  96. Sanger, David E.; Perlroth, Nicole (December 8, 2020). "FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State". The New York Times. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  97. "US cybersecurity firm FireEye says it was hacked by foreign government". The Guardian. December 9, 2020. Archived from the original on December 16, 2020. Retrieved December 15, 2020.
  98. Newman, Lily Hay (December 8, 2020). "Russia's FireEye Hack Is a Statement—but Not a Catastrophe". Wired. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  99. Murdock, Jason (December 15, 2020). "Suspected Russia SolarWinds hack exposed after FireEye cybersecurity firm found "backdoor"". Newsweek. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  100. "Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor". FireEye. December 13, 2020. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  101. Paul, Kari (December 15, 2020). "What you need to know about the biggest hack of the US government in years". The Guardian. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  102. Gatlan, Sergiu (January 12, 2021). "New Sunspot malware found while investigating SolarWinds hack". BleepingComputer. Archived from the original on May 29, 2021. Retrieved January 13, 2021.
  103. Goodin, Dan (July 14, 2021). "iOS zero-day let SolarWinds hackers compromise fully updated iPhones". Ars Technica. Archived from the original on July 15, 2021. Retrieved July 15, 2021.
  104. Cash, Damien; Meltzer, Matthew; Koessel, Sean; Adair, Steven; Lancaster, Thomas (December 14, 2020). "Dark Halo Leverages SolarWinds Compromise to Breach Organizations". Volexity. Archived from the original on May 31, 2021. Retrieved December 18, 2020.
  105. Tarabay, Jamie (December 15, 2020). "Hacking Spree by Suspected Russians Included U.S. Think Tank". Bloomberg L.P. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  106. Vavra, Shannon (December 24, 2020). "Microsoft alerts CrowdStrike of hackers' attempted break-in". CyberScoop. Archived from the original on January 4, 2021. Retrieved December 25, 2020.
  107. "Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets". CISA. December 1, 2020. Archived from the original on May 20, 2021. Retrieved December 18, 2020.
  108. Goodin, Dan (December 7, 2020). "NSA says Russian state hackers are using a VMware flaw to ransack networks". Ars Technica. Archived from the original on April 21, 2021. Retrieved December 19, 2020.
  109. Bing, Christopher (December 14, 2020). "Russian-sponsored hackers behind broad security breach of U.S. agencies: sources". The Japan Times. Archived from the original on December 14, 2020. Retrieved December 14, 2020.
  110. Katz, Justin (December 23, 2020). "50 orgs 'genuinely impacted' by SolarWinds hack, FireEye chief says". Defense Systems. Archived from the original on March 9, 2021. Retrieved December 23, 2020.
  111. Slowik, Joe (December 14, 2020). "Unraveling Network Infrastructure Linked to the SolarWinds Hack". DomainTools. Archived from the original on December 6, 2022. Retrieved March 24, 2023.
  112. Goodin, Dan (January 11, 2021). "SolarWinds malware has "curious" ties to Russian-speaking hackers". Ars Technica. Archived from the original on April 6, 2021. Retrieved January 13, 2021.
  113. Corfield, Gareth (January 12, 2021). "Kaspersky Lab autopsies evidence on SolarWinds hack". The Register. Archived from the original on May 18, 2021. Retrieved January 13, 2021.
  114. Greenberg, Andy (January 11, 2021). "SolarWinds Hackers Shared Tricks With Known Russian Cyberspies". Wired. Archived from the original on March 5, 2021. Retrieved January 13, 2021.
  115. Roth, Andrew (January 11, 2021). "Global cyber-espionage campaign linked to Russian spying tools". The Guardian. Archived from the original on April 13, 2021. Retrieved January 13, 2021.
  116. Castronuovo, Celine (February 2, 2021). "US payroll agency targeted by Chinese hackers: report". TheHill. Archived from the original on February 12, 2021. Retrieved February 10, 2021.
  117. Pengelly, Martin (December 19, 2020). "Trump downplays government hack after Pompeo blames it on Russia". The Guardian. New York. Archived from the original on March 8, 2021. Retrieved December 19, 2020.
  118. Byrnes, Jesse (December 19, 2020). "Pompeo: Russia 'pretty clearly' behind massive cyberattack". The Hill. Archived from the original on March 2, 2021. Retrieved December 19, 2020.
  119. "Trump downplays massive US cyberattack, points to China". Deutsche Welle. December 19, 2020. Archived from the original on March 3, 2021. Retrieved December 19, 2020.
  120. "US cyber-attack: Around 50 firms 'genuinely impacted' by massive breach". BBC News. December 20, 2020. Archived from the original on March 11, 2021. Retrieved December 21, 2020.
  121. King, Laura; Wilber, Del Quentin (December 20, 2020). "Trump finds himself isolated in refusal to blame Russia for big cyberattack". Los Angeles Times. Archived from the original on February 22, 2021. Retrieved December 21, 2020.
  122. Janfaza, Rachel (December 21, 2020). "Barr contradicts Trump by saying it 'certainly appears' Russia behind cyberattack". cnn.com. CNN. Archived from the original on January 2, 2021. Retrieved December 26, 2020.
  123. Wilkie, Christina (December 21, 2020). "Attorney General Barr breaks with Trump, says SolarWinds hack 'certainly appears to be the Russians'". CNBC. NBCUniversal News Group. Archived from the original on April 12, 2021. Retrieved December 22, 2020.
  124. Sanger, David E.; Rappeport, Alan (December 22, 2020). "Treasury Department's Senior Leaders Were Targeted by Hacking". New York Times. Archived from the original on March 28, 2021. Retrieved December 23, 2020.
  125. "US: Hack of Federal Agencies 'Likely Russian in Origin'". SecurityWeek. Associated Press. January 5, 2021. Archived from the original on February 11, 2021. Retrieved January 13, 2021.
  126. Goodin, Dan (January 6, 2021). "Bucking Trump, NSA and FBI say Russia was "likely" behind SolarWinds hack". Ars Technica. Archived from the original on February 7, 2021. Retrieved January 11, 2021.
  127. "Russians are 'likely' perpetrators of US government hack, official report says". The Guardian. Reuters. January 5, 2021. Archived from the original on April 13, 2021. Retrieved January 13, 2021.
  128. "Oversight of the Federal Bureau of Investigation". fbi.gov. Federal Bureau of Investigation. Archived from the original on June 10, 2021. Retrieved June 11, 2021.
  129. Fox, Ben; Bajak, Frank (December 15, 2020). "U.S. Agencies and Companies Secure Networks After Huge Hack". Time. Associated Press. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  130. Cimpanu, Catalin (December 14, 2020). "SEC filings: SolarWinds says 18,000 customers were impacted by recent hack". ZDNet. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  131. Richards, Zoë (December 15, 2020). "Report: Massive Russian Hack Effort Breached DHS, State Department And NIH". Talking Points Memo. Archived from the original on December 15, 2020. Retrieved December 17, 2020.
  132. Jankowicz, Mia; Davis, Charles (December 14, 2020). "These big firms and US agencies all use software from the company breached in a massive hack being blamed on Russia". Business Insider. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  133. "SolarWinds: The Hunt to Figure Out Who Was Breached". bankinfosecurity.com. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  134. "Hack may have exposed deep US secrets; damage yet unknown". The Independent. Associated Press. December 15, 2020. Archived from the original on December 18, 2020. Retrieved December 16, 2020.
  135. Fox, Ben; Bajak, Frank (December 14, 2020). "US agencies, companies secure networks after huge hack". AP NEWS. Archived from the original on December 18, 2020. Retrieved December 16, 2020.
  136. "Deep US institutional secrets may have been exposed in hack blamed on Russia". The Guardian. December 16, 2020. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  137. "Emergency Directive 21-01". cyber.dhs.gov. December 13, 2020. Archived from the original on December 15, 2020. Retrieved December 15, 2020.
  138. O'Neill, Patrick Howell (December 15, 2020). "How Russian hackers infiltrated the US government for months without being spotted". MIT Technology Review. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  139. "SolarWinds advanced cyberattack: What happened and what to do now". Malwarebytes Labs. December 14, 2020. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  140. "Overview of Recent Sunburst Targeted Attacks". Trend Micro. December 15, 2020. Archived from the original on December 15, 2020. Retrieved December 18, 2020.
  141. Robertson, Jordan; Mehrotra, Kartikay; Turton, William (December 18, 2020). "Hackers' Monthslong Head Start Hamstrings Probe of U.S. Breach". Bloomberg. Archived from the original on April 19, 2021. Retrieved December 18, 2020.
  142. "Hacked networks will need to be burned 'down to the ground'". The Independent. Associated Press. December 18, 2020. Archived from the original on December 19, 2020.
  143. Satter, Raphael (December 24, 2020). "Experts who wrestled with SolarWinds hackers say cleanup could take months - or longer". Reuters. Archived from the original on July 15, 2021. Retrieved March 25, 2023.
  144. Suderman, Alan; Tucker, Eric (July 31, 2021). "Justice Department says Russians hacked federal prosecutors". AP NEWS. Archived from the original on July 31, 2021. Retrieved July 31, 2021.
  145. Rashbaum, William K.; Protess, Ben; Vogel, Kenneth P.; Hong, Nicole (May 27, 2021). "Prosecutors Investigating Whether Ukrainians Meddled in 2020 Election". The New York Times. Archived from the original on June 12, 2021. Retrieved July 31, 2021.
  146. "Biden taps trusted figures to lead US climate fight; FDA says Moderna vaccine is highly protective; SolarWinds hack fallout spreads". The World from PRX. December 16, 2020. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  147. Wolf, Zachary B. (December 16, 2020). "The suspected Russian hack of the US government, explained". CNN. Archived from the original on August 11, 2022. Retrieved March 24, 2023.
  148. Geller, Eric; Rayasam, Renuka; Ward, Myah (December 17, 2020). "The Big Hack: What we know, what we don't". Politico. Archived from the original on January 26, 2021. Retrieved December 19, 2020.
  149. Bing, Christopher (December 13, 2020). "EXCLUSIVE-U.S. Treasury breached by hackers backed by foreign government – sources". Reuters. Archived from the original on December 15, 2020. Retrieved December 18, 2020.
  150. Nakashima, Ellen; Timberg, Craig (December 14, 2020). "DHS, State and NIH join list of federal agencies — now five — hacked in major Russian cyberespionage campaign". The Washington Post. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  151. Cohen, Zachary; Salama, Vivian; Fung, Brian (December 14, 2020). "US officials scramble to deal with suspected Russian hack of government agencies". CNN. Archived from the original on December 16, 2020. Retrieved December 18, 2020.
  152. Haynes, Deborah (December 18, 2020). "US nuclear agency a target in 'massive' cyber attack on federal government by suspected Russian hackers". Sky News. Archived from the original on February 18, 2021. Retrieved December 18, 2020.
  153. Abrams, Lawrence (December 19, 2020). "The SolarWinds cyberattack: The hack, the victims, and what we know". BleepingComputer. Archived from the original on May 29, 2021. Retrieved December 19, 2020.
  154. Dozier, Kimberly (December 18, 2020). "U.S. Cyber Experts Scramble to Assess the Scope of the 'Hack of a Decade'". Time. Archived from the original on May 15, 2021. Retrieved December 19, 2020.
  155. Sanger, David E.; Perlroth, Nicole; Barnes, Julian E. (January 2, 2021). "As Understanding of Russian Hacking Grows, So Does Alarm". The New York Times. Archived from the original on June 6, 2021. Retrieved March 24, 2023.
  156. Stubbs, Jack; Satter, Raphael; Menn, Joseph (December 15, 2020). "U.S. Homeland Security, thousands of businesses scramble after suspected Russian hack". Reuters. Archived from the original on December 15, 2020. Retrieved December 18, 2020.
  157. Newman, Lily Hay (February 27, 2021). "The SolarWinds Body Count Now Includes NASA and the FAA". Wired. Archived from the original on March 10, 2021. Retrieved March 16, 2021.
  158. Jowitt, Tom (February 21, 2020). "US DoD Department Hacked And Data Compromised | Silicon UK Tech News". Silicon UK. Archived from the original on January 18, 2021. Retrieved June 4, 2021.
  159. Bertrand, Natasha; Wolff, Eric (December 17, 2020). "Nuclear weapons agency breached amid massive cyber onslaught". Politico. Archived from the original on December 17, 2020. Retrieved December 17, 2020.
  160. "Nuclear Weapons Agency Hacked in Widening Cyberattack – Report". threatpost.com. December 17, 2020. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  161. Goodin, Dan (December 17, 2020). "Microsoft is reportedly added to the growing list of victims in SolarWinds hack". Ars Technica. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  162. "Department of Energy says it was hacked in suspected Russian campaign". NBC News. December 18, 2020. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  163. Zurier, Steve (December 21, 2020). "Security experts warn of long-term risk tied to Energy Department breach". SC Media. Archived from the original on January 26, 2021. Retrieved December 23, 2020.
  164. Perlroth, Nicole (December 31, 2020). "Microsoft Says Russian Hackers Viewed Some of Its Source Code". The New York Times. Archived from the original on June 7, 2021. Retrieved January 13, 2021.
  165. Suderman, Alan (March 28, 2021). "AP sources: SolarWinds hack got emails of top DHS officials". Associated Press. Archived from the original on March 17, 2023. Retrieved March 25, 2023.
  166. Paul, Kari (January 6, 2021). "DoJ confirms email accounts breached by SolarWinds hackers". The Guardian. Archived from the original on April 17, 2021. Retrieved January 13, 2021.
  167. "Justice Department Says It's Been Affected by Russian Hack". SecurityWeek. Associated Press. January 6, 2021. Archived from the original on January 22, 2021. Retrieved January 11, 2021.
  168. Claburn, Thomas (January 7, 2021). "JetBrains' build automation software eyed as possible enabler of SolarWinds hack". The Register. Archived from the original on February 2, 2021. Retrieved January 12, 2021.
  169. Perlroth, Nicole; Sanger, David E.; Barnes, Julian E. (January 6, 2021). "Widely Used Software Company May Be Entry Point for Huge U.S. Hacking". The New York Times. Archived from the original on May 31, 2021. Retrieved January 12, 2021.
  170. Gatlan, Sergiu (January 6, 2021). "SolarWinds hackers had access to over 3,000 US DOJ email accounts". BleepingComputer. Archived from the original on April 16, 2021. Retrieved January 13, 2021.
  171. Volz, Dustin; McMillan, Robert (January 7, 2021). "Federal Judiciary's Systems Likely Breached in SolarWinds Hack". WSJ. Archived from the original on June 7, 2021. Retrieved January 12, 2021.
  172. Alder, Madison (January 6, 2021). "SolarWinds Hack Compromises U.S. Courts Electronic Filings (1)". Bloomberg Law. Archived from the original on February 1, 2021. Retrieved January 12, 2021.
  173. Miller, Maggie (January 7, 2021). "Federal judiciary likely compromised as part of SolarWinds hack". TheHill. Archived from the original on May 3, 2021. Retrieved January 12, 2021.
  174. Krebs, Brian (January 7, 2021). "Sealed U.S. Court Records Exposed in SolarWinds Breach". Krebs on Security. Archived from the original on March 13, 2021. Retrieved January 12, 2021.
  175. Starks, Tim (January 7, 2021). "Federal courts are latest apparent victim of SolarWinds hack". CyberScoop. Archived from the original on March 25, 2021. Retrieved January 12, 2021.
  176. Clark, Mitchell (January 7, 2021). "Federal courts go low-tech for sensitive documents following SolarWinds hack". The Verge. Archived from the original on January 28, 2021. Retrieved January 12, 2021.
  177. Kovacs, Eduard (January 8, 2021). "Probe Launched Into Impact of SolarWinds Breach on Federal Courts". SecurityWeek. Archived from the original on February 1, 2021. Retrieved January 12, 2021.
  178. Gatlan, Sergiu (January 7, 2021). "US Judiciary adds safeguards after potential breach in SolarWinds hack". BleepingComputer. Archived from the original on April 16, 2021. Retrieved January 13, 2021.
  179. Corfield, Gareth (January 8, 2021). "US courts system fears SolarWinds snafu could have let state hackers poke about in sealed case documents". The Register. Archived from the original on February 2, 2021. Retrieved January 13, 2021.
  180. Stubbs, Jack; McNeill, Ryan (December 18, 2020). "SolarWinds hackers broke into U.S. cable firm and Arizona county, web records show". Reuters. Archived from the original on December 22, 2020. Retrieved December 18, 2020.
  181. Stubbs, Jack (December 19, 2020). "Hackers' broad attack sets cyber experts worldwide scrambling to defend networks". Reuters. Archived from the original on February 15, 2021. Retrieved December 19, 2020.
  182. Volz, Kevin Poulsen, Robert McMillan and Dustin (December 21, 2020). "WSJ News Exclusive | SolarWinds Hack Victims: From Tech Companies to a Hospital and University". Wall Street Journal. Archived from the original on June 7, 2021. Retrieved January 12, 2021 – via www.wsj.com.{{cite news}}: CS1 maint: multiple names: authors list (link)
  183. King, Ian; Mehrotra, Kartikay (December 18, 2020). "Cisco Latest Victim of Russian Cyber-Attack Using SolarWinds". Bloomberg. Archived from the original on December 21, 2020. Retrieved December 19, 2020.
  184. Asokan, Akshaya; Schwartz, Mathew J. (December 17, 2020). "SolarWinds Supply Chain Hit: Victims Include Cisco, Intel". Bank Info Security. Archived from the original on January 18, 2021. Retrieved December 19, 2020.
  185. Brewster, Thomas (December 19, 2020). "SolarWinds Hack: Cisco And Equifax Amongst Corporate Giants Finding Malware... But No Sign Of Russian Spies". Forbes. Archived from the original on February 18, 2021. Retrieved December 19, 2020.
  186. Schmaltz, Trey (December 18, 2020). "La. retirement system warned it may have been target of Russian hack; Cox also investigating". WBRZ. Archived from the original on February 3, 2021. Retrieved December 18, 2020.
  187. Cimpanu, Catalin (January 26, 2021). "Four security vendors disclose SolarWinds-related incidents". ZDNet. Archived from the original on March 4, 2021. Retrieved February 1, 2021. This week, four new cyber-security vendors -- Mimecast, Qualys, Palo Alto Networks, and Fidelis -- have added their names to the list of companies that have installed trojanized versions of the SolarWinds Orion app.
  188. Dailey, Natasha (January 19, 2021). "Cybersecurity firm Malwarebytes was hacked by 'Dark Halo,' the same group that breached SolarWinds last year". Business Insider. Archived from the original on January 30, 2021. Retrieved March 16, 2021.
  189. Sebenius, Alyza (January 19, 2021). "Suspected Russian Hackers Targeted Cyber Firm Malwarebytes". Bloomberg. Archived from the original on February 2, 2021. Retrieved March 16, 2021.
  190. Satter, Raphael (January 19, 2021). "Malwarebytes says some of its emails were breached by SolarWinds hackers". Reuters. Archived from the original on February 19, 2021. Retrieved March 16, 2021.
  191. Menn, Joseph (December 18, 2020). "Exclusive: Microsoft breached in suspected Russian hack using SolarWinds – sources". Reuters. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  192. Cimpanu, Catalin (December 17, 2020). "Microsoft confirms it was also breached in recent SolarWinds supply chain hack". ZDNet. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  193. Bass, Dina (December 18, 2020). "Microsoft Says Its Systems Were Exposed to SolarWinds Hack". Bloomberg L.P. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  194. Novet, Jordan (December 17, 2020). "Microsoft was reportedly swept up in SolarWinds hack". CNBC. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  195. Thomson, Iain (December 18, 2020). "US nuke agency hacked by suspected Russian SolarWinds spies, Microsoft also installed backdoor". The Register. Archived from the original on April 8, 2022. Retrieved December 18, 2020.
  196. Torres, JC (December 18, 2020). "Microsoft acknowledges it was hacked via SolarWinds exploit". SlashGear. Archived from the original on February 18, 2021. Retrieved December 18, 2020.
  197. Robles, C. J. (December 17, 2020). "Microsoft, SolarWinds Hacking Can Be a National Security Issue?". Tech Times. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  198. Satter, Raphael; Menn, Joseph (January 1, 2021). "SolarWinds hackers accessed Microsoft source code, the company says". Reuters. Archived from the original on November 20, 2022. Retrieved March 25, 2023. Modifying source code — which Microsoft said the hackers did not do — could have potentially disastrous consequences given the ubiquity of Microsoft products, which include the Office productivity suite and the Windows operating system. But experts said that even just being able to review the code could offer hackers insight that might help them subvert Microsoft products or services.
  199. Smith, Chris (January 1, 2021). "Here's why it's so dangerous that SolarWinds hackers accessed Microsoft's source code". BGR. Archived from the original on February 26, 2021. Retrieved January 13, 2021. More than two weeks after the hacks, Microsoft disclosed that the attackers were able to access a critical piece of software, the source code from one or more undisclosed products. Microsoft explained in a blog post that the hackers were not able to modify the source code. But even just a glance at a source code from a company like Microsoft might be enough for hackers to develop new attacks that compromise other Microsoft products. ... Microsoft's blog post is meant to reassure governments and customers, but the fact remains that hackers might be in possession of the kind of secrets they shouldn't have access to. Time will tell if gaining access to Microsoft's source code will allow the same team of attackers to create even more sophisticated hacks.
  200. Hope, Alicia (January 7, 2021). "Software Giant Admits That SolarWinds Hackers Viewed Microsoft Source Code". CPO Magazine. Archived from the original on January 26, 2021. Retrieved January 13, 2021. Microsoft disclosed [that] the hacking group behind the SolarWinds attack also viewed Microsoft source code for unnamed products. ... Microsoft, however, downplayed the breach, saying that the security of its products does not depend on the secrecy of its source code. Contrarily, Microsoft source code for most high-profile products remains to be among the most jealously guarded corporate secrets, shared only with a few trusted customers and governments.
  201. Stanley, Alyse (December 31, 2020). "Microsoft Says SolarWinds Hackers Also Broke Into Company's Source Code". Gizmodo. Archived from the original on January 27, 2021. Retrieved January 13, 2021. While hackers may not have been able to change Microsoft's source code, even just sneaking a peek at the company's secret sauce could have disastrous consequences. Bad actors could use that kind of insight into the inner workings of Microsoft's services to help them circumvent its security measures in future attacks. The hackers essentially scored blueprints on how to potentially hack Microsoft products.
  202. Bradley, Susan (January 4, 2021). "SolarWinds, Solorigate, and what it means for Windows updates". Computerworld. Archived from the original on March 22, 2021. Retrieved January 13, 2021. Microsoft investigated further and found that while the attackers were not able to inject themselves into Microsoft's ADFS/SAML infrastructure, 'one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made.' This is not the first time Microsoft's source code has been attacked or leaked to the web. In 2004, 30,000 files from Windows NT to Windows 2000 leaked onto the web via a third party. Windows XP reportedly leaked online last year.
  203. Satter, Raphael (December 31, 2020). "Microsoft says SolarWinds hackers were able to view its source code but didn't have the ability to modify it". Business Insider. Archived from the original on January 14, 2021. Retrieved January 13, 2021. Ronen Slavin, [chief technology officer at source code protection company Cycode], said a key unanswered question was which source code repositories were accessed. ... Slavin said he was also worried by the possibility that the SolarWinds hackers were poring over Microsoft's source code as prelude for something more ambitious. 'To me the biggest question is, "Was this recon for the next big operation?"' he said.
  204. Spring, Tom (January 12, 2021). "Critical Microsoft Defender Bug Actively Exploited; Patch Tuesday Offers 83 Fixes". Threatpost. Archived from the original on April 1, 2021. Retrieved January 13, 2021. Last month, Microsoft said state-sponsored hackers had compromised its internal network and leveraged additional Microsoft products to conduct further attacks.
  205. "Email security firm Mimecast says hackers hijacked its products to spy on customers". Reuters. January 12, 2021. Archived from the original on January 12, 2021. Retrieved January 13, 2021. Three cybersecurity investigators, who spoke on condition of anonymity to discuss details of an ongoing probe, told Reuters they suspected the hackers who compromised Mimecast were the same group that broke into U.S. software maker SolarWinds and a host of sensitive U.S. government agencies.
  206. Kovacs, Eduard (January 13, 2021). "Mimecast Discloses Certificate Incident Possibly Related to SolarWinds Hack". SecurityWeek.Com. Archived from the original on March 17, 2021. Retrieved January 13, 2021. According to Mimecast, it learned from Microsoft that hackers had compromised a certificate used to authenticate Mimecast Continuity Monitor, Internal Email Protect (IEP), and Sync and Recover products with Microsoft 365 Exchange Web Services. ... The company has not shared any details about the attacks abusing the compromised certificate, but some experts have speculated that the certificate may have allowed the hackers to intercept Mimecast customers' communications. ... According to Reuters, people with knowledge of the situation believe this incident may be related to the recently disclosed supply chain attack involving Texas-based IT management solutions provider SolarWinds.
  207. Seals, Tara (January 12, 2021). "Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack". Threatpost. Archived from the original on March 17, 2021. Retrieved January 13, 2021. Mimecast provides email security services that customers can apply to their Microsoft 365 accounts by establishing a connection to Mimecast's servers... A compromise means that cyberattackers could take over the connection, though which inbound and outbound mail flows, researchers said. It would be possible to intercept that traffic, or possibly to infiltrate customers' Microsoft 365 Exchange Web Services and steal information. 'The attack against Mimecast and their secure connection to Microsoft's Office 365 infrastructure appears to be the work of the same sophisticated attackers that breached SolarWinds and multiple government agencies,' Saryu Nayyar, CEO at Gurucul, said via email.
  208. "SolarWinds attackers suspected in Microsoft authentication compromise". SC Media. January 12, 2021. Archived from the original on February 27, 2021. Retrieved January 13, 2021.
  209. Spadafora, Anthony (January 12, 2021). "Mimecast may also have been a victim of the SolarWinds hack campaign". TechRadar. Archived from the original on January 13, 2021. Retrieved January 13, 2021. The reason that Mimecast may have been attacked by the same threat actor behind the SolarWinds hack is due to the fact that these hackers often add authentication tokens and credentials to Microsoft Active Directory domain accounts in order to maintain persistence on a network and to achieve privilege escalation.
  210. McMillan, Robert (January 13, 2021). "SolarWinds Hackers' Attack on Email Security Company Raises New Red Flags". WSJ. Archived from the original on June 7, 2021. Retrieved January 13, 2021. The Mimecast hackers used tools and techniques that link them to the hackers who broke into Austin, Texas-based SolarWinds Corp., according to people familiar with the investigation. The link to the SolarWinds hackers was reported earlier by Reuters.
  211. "FireEye Red Team Tool Countermeasures". GitHub. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  212. Abrams, Lawrence (December 15, 2020). "Microsoft to quarantine compromised SolarWinds binaries tomorrow". BleepingComputer. Archived from the original on December 16, 2020. Retrieved December 17, 2020.
  213. Lyngaas, Sean (December 23, 2020). "Grid regulator warns utilities of risk of SolarWinds backdoor, asks how exposed they are". CyberScoop. Archived from the original on February 16, 2021. Retrieved December 24, 2020.
  214. Brandom, Russell (December 15, 2020). "SolarWinds hides list of high-profile customers after devastating hack". The Verge. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  215. Varghese, Sam (December 15, 2020). "iTWire - Backdoored Orion binary still available on SolarWinds website". iTWire. Archived from the original on December 14, 2020. Retrieved December 25, 2020.
  216. Kovacs, Eduard (January 6, 2021). "Class Action Lawsuit Filed Against SolarWinds Over Hack". SecurityWeek.Com. Archived from the original on February 1, 2021. Retrieved January 13, 2021.
  217. McCarthy, Kieren (January 5, 2021). "Ah, right on time: Hacker-slammed SolarWinds sued by angry shareholders". The Register. Archived from the original on March 17, 2021. Retrieved January 13, 2021.
  218. Kovacs, Eduard (January 8, 2021). "SolarWinds Taps Firm Started by Ex-CISA Chief Chris Krebs, Former Facebook CSO Alex Stamos". SecurityWeek.Com. Archived from the original on February 19, 2021. Retrieved January 13, 2021.
  219. Vaughan-Nichols, Steven J. (January 14, 2021). "SolarWinds defense: How to stop similar attacks". ZDNet. Archived from the original on March 10, 2021. Retrieved January 15, 2021.
  220. "Potentially major hack of government agencies disclosed". CBS News. December 14, 2020. Archived from the original on December 15, 2020. Retrieved December 16, 2020.
  221. Tucker, Eric; Krisher, Tom; Bajak, Frank (December 14, 2020). "US government agencies, including Treasury, hacked; Russia possible culprit". WTVD. Associated Press. Archived from the original on December 14, 2020. Retrieved December 15, 2020.
  222. Geller, Eric (December 14, 2020). "'Massively disruptive' cyber crisis engulfs multiple agencies". Politico. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  223. Kaplan, Fred (December 15, 2020). "Trump Has Been Whining About Fake Fraud—and Ignoring a Real Cybersecurity Crisis". Slate. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  224. O'Connor, Tom; Jamali, Naveed (December 14, 2020). "US vows 'swift action' if defense networks hit by alleged Russia hack". Newsweek. Archived from the original on December 16, 2020. Retrieved December 16, 2020.
  225. Kovacs, Eduard (December 17, 2020). "FBI, CISA, ODNI Describe Response to SolarWinds Attack". SecurityWeek.com. Archived from the original on December 18, 2020. Retrieved December 18, 2020.
  226. Satter, Raphael (December 24, 2020). "U.S. cyber agency says SolarWinds hackers are 'impacting' state, local governments". Reuters. Archived from the original on January 1, 2021. Retrieved December 25, 2020 – via uk.reuters.com.
  227. Silverman, Craig (July 8, 2024). "The President Ordered a Board to Probe a Massive Russian Cyberattack. It Never Did". ProPublica. Retrieved July 9, 2024.
  228. Daugherty, Alex (December 18, 2020). "Intel chairman Rubio says 'America must retaliate' after massive cyber hack". Miami Herald. Archived from the original on December 27, 2020. Retrieved December 19, 2020.
  229. Dwyer, Colin (December 19, 2020). "Pompeo Says Russia 'Pretty Clearly' Behind Cyberattack, Prompting Pushback From Trump". NPR. Archived from the original on June 3, 2021. Retrieved December 20, 2020.
  230. Vavra, Shannon (December 23, 2020). "Lawmakers want more transparency on SolarWinds breach from State, VA". CyberScoop. Archived from the original on January 26, 2021. Retrieved December 24, 2020.
  231. Cameron, Dell (December 24, 2020). "Veterans Affairs Officials Inexplicably Blow Off Briefing on SolarWinds Hack". Gizmodo. Archived from the original on January 21, 2021. Retrieved December 25, 2020.
  232. Paul, Kari (December 17, 2020). "Hacking campaign targeted US energy, treasury and commerce agencies". The Guardian. Archived from the original on December 17, 2020. Retrieved December 18, 2020.
  233. Sink, Justin (December 19, 2020). "Trump Downplays Huge Hack Tied to Russia, Suggests China". Bloomberg. Archived from the original on January 5, 2021. Retrieved March 25, 2023.
  234. Canales, Katie (December 19, 2020). "Former US cybersecurity chief Chris Krebs warned not to 'conflate' voting system security with SolarWinds hack despite Trump's claim". Business Insider. Archived from the original on December 20, 2020. Retrieved December 20, 2020.
  235. Bing, Christopher; Landay, Jonathan (December 19, 2020). "Trump downplays impact of massive hacking, questions Russia involvement". Reuters. Archived from the original on January 4, 2021. Retrieved December 19, 2020.
  236. Murdock, Jason (December 17, 2020). "Russia Could Fake Government Emails After SolarWinds Hack: Ex-Trump Adviser". Newsweek. Archived from the original on August 8, 2022. Retrieved March 25, 2023.
  237. Satter, Raphael (December 20, 2020). "Biden chief of staff says hack response will go beyond 'just sanctions'". Reuters. Archived from the original on April 7, 2021. Retrieved December 20, 2020.
  238. Fabian, Jordan; Epstein, Jennifer (December 22, 2020). "Biden Says Hack of U.S. Shows Trump Failed at Cybersecurity". Bloomberg. Archived from the original on April 7, 2022. Retrieved December 23, 2020.
  239. Lewis, Simon (December 23, 2020). "Trump must blame Russia for cyber attack on U.S., Biden says". Reuters. Archived from the original on January 21, 2021. Retrieved December 23, 2020.
  240. Sanger, David E. (January 13, 2021). "Biden to Restore Homeland Security and Cybersecurity Aides to Senior White House Posts". The New York Times. Archived from the original on March 29, 2021. Retrieved January 13, 2021. President-elect Joseph R. Biden Jr., facing the rise of domestic terrorism and a crippling cyberattack from Russia, is elevating two White House posts that all but disappeared in the Trump administration: a homeland security adviser to manage matters as varied as extremism, pandemics and natural disasters, and the first deputy national security adviser for cyber and emerging technology. ... Mr. Trump dismantled the National Security Council's pandemic preparedness office, and while he had an active cyberteam at the beginning of his term, it languished. 'It's disturbing to be in a transition moment when there really aren't counterparts for that transition to be handed off,' Ms. Sherwood-Randall said. ... The SolarWinds hacking, named after the maker of network management software that Russian intelligence agents are suspected of having breached to gain access to the email systems of government agencies and private companies, was a huge intelligence failure.
  241. "Microsoft hack: White House warns of 'active threat' of email attack". BBC News. March 6, 2021. Archived from the original on March 7, 2021. Retrieved March 6, 2021.
  242. Sanger, David E.; Barnes, Julian E.; Perlroth, Nicole (March 7, 2021). "Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China". The New York Times. Archived from the original on March 11, 2021. Retrieved March 15, 2021.
  243. Tucker, Eric; Madhani, Aamer (April 15, 2021). "US retaliates against Russian hacking by expelling diplomats, imposing new sanctions". FOX 10 Phoenix. Associated Press. Archived from the original on December 18, 2022. Retrieved April 15, 2021.
  244. Jain, Akshita; Spocchia, Gino (April 15, 2021). "Biden expels Russian diplomats and announces new sanctions in retaliation for hacking". The Independent. Archived from the original on April 15, 2021. Retrieved April 15, 2021.
  245. "US expels Russian diplomats, issues sanctions". DW. April 15, 2021. Archived from the original on January 7, 2023. Retrieved March 25, 2023.
  246. Corera, Gordon (December 18, 2020). "SolarWinds: UK assessing impact of hacking campaign". BBC News. Archived from the original on March 11, 2021. Retrieved December 18, 2020.
  247. "UK organisations using SolarWinds Orion platform should check whether personal data has been affected". ico.org.uk. December 23, 2020. Archived from the original on January 27, 2021. Retrieved December 23, 2020.
  248. Paas-Lang, Christian (December 19, 2020). "CSE warns companies to check IT systems following SolarWinds hack". CBC. Archived from the original on March 30, 2021. Retrieved December 25, 2020.
  249. "Canadian Centre for Cyber Security". Canadian Centre for Cyber Security. August 15, 2018. Archived from the original on May 24, 2021. Retrieved December 25, 2020.
  250. Wolfe, Jan; Pierson, Brendan (December 19, 2020). "Explainer-U.S. government hack: espionage or act of war?". Reuters. Archived from the original on March 25, 2023. Retrieved December 19, 2020.
  251. Dilanian, Ken (December 18, 2020). "Suspected Russian hack: Was it an epic cyber attack or spy operation?". NBC News. Archived from the original on March 11, 2021. Retrieved December 19, 2020.
  252. Erica Borghard; Jacquelyn Schneider (December 17, 2020). "Russia's Hack Wasn't Cyberwar. That Complicates US Strategy". Wired. Archived from the original on December 18, 2020. Retrieved December 17, 2020.
  253. Goldsmith, Jack (December 18, 2020). "Self-Delusion on the Russia Hack". thedispatch.com. Archived from the original on May 16, 2021. Retrieved December 18, 2020.
  254. Schmitt, Michael (December 21, 2020). "Russia's SolarWinds Operation and International Law". Just Security. Archived from the original on May 29, 2021. Retrieved December 23, 2020.
  255. Goodin, Dan (December 18, 2020). "Microsoft president calls SolarWinds hack an 'act of recklessness'". Ars Technica. Archived from the original on May 7, 2021. Retrieved December 18, 2020.
  256. "US cyber-attack: US energy department confirms it was hit by Sunburst hack". BBC News. December 18, 2020. Archived from the original on June 6, 2021. Retrieved December 18, 2020.
  257. Schneier, Bruce (December 23, 2020). "The US has suffered a massive cyberbreach. It's hard to overstate how bad it is". The Guardian. Archived from the original on May 7, 2021. Retrieved December 23, 2020.
  258. Kolbe, Paul R. (December 24, 2020). "With Hacking, the United States Needs to Stop Playing the Victim". The New York Times. ProQuest 2473435248. Archived from the original on May 19, 2021. Retrieved December 24, 2020.
External links