Russian Embassy in Washington D.C. (Aaron Siirila, Wikimedia Commons/CC 2.5). 

Espionage Campaign Against U.S. Agencies Involved Known Russian Hackers

Russian hackers linked to attacks during the Obama Administration are suspected in the recent SolarWinds security breach.

New details have emerged regarding an extensive hacking operation that targeted federal agencies in the United States, offering additional evidence that Russia was behind the attack. The operation is believed to have taken place over a period spanning several months, and it has brought an unprecedented level of attention to a Texas-based IT company at the heart of the security breach.

BACKGROUND: What We Know About Russian Espionage

Over the weekend, several outlets reported that a meeting had been convened at the White House on Saturday to address a security breach affecting agencies that included the U.S. Treasury and Commerce Departments. At that time, it remained unclear where the espionage effort had originated, although Russia was strongly suspected of involvement.

However, new details have emerged which further support the involvement of Russia’s Foreign Intelligence Service (SVR). The Washington Post reports that the Russian hacking group which carried out the attacks is known to U.S. authorities, according to sources they interviewed who spoke on background.

ANALYSIS: Russian Espionage Groups and How They Did It

The hacking group involved in the security breach, which gained access to email and other systems by compromising a software update distributed by Texas-based IT company SolarWinds, was identified by the nicknames APT29 and Cozy Bear. Its work is well known to U.S. intelligence agencies, and the group is believed to have been responsible for similar espionage against the State Department and the White House during the Obama administration, which also targeted email servers.

The FBI and other U.S. government agencies responsible for cybersecurity are investigating the extent of the damage and the degree to which sensitive information might have been compromised. It has also been learned that a range of victims outside the United States, in regions including Europe, the Middle East, and parts of Asia, were affected by the security breach.

Meanwhile, a statement posted on the Facebook page of the Embassy of Russia in Washington D.C. called accusations about the country’s involvement “baseless” and largely media-driven.

The statement, originally posted in Russian, said that “attacks in the information space contradict the foreign policy principles of our country, its national interests and understanding of how relations between states are built.”

The statement said Russia does not conduct what it called “offensive” operations “in a virtual environment.”

“Moreover, the Russian Federation is actively promoting bilateral and multilateral cybersecurity agreements,” the Embassy’s statement added, referring to a September 25 initiative announced by Vladimir Putin aimed at restoring “Russian-American interaction in the field of international information security.”

OUTLOOK: Tomorrow’s Hacking and Espionage Today

According to information posted on the SolarWinds website, the company has identified 18,000 customers that it says were “potentially affected by this security vulnerability.”

News of the hack has brought significant attention to the company, which prior to the events of the last several days had been relatively unknown outside of the IT community and its own customer base. Russia’s latest espionage campaign has changed that dynamic, placing an increased focus, much of it unwanted, on the company and the services it provides.

A security advisory issued by the company stated that it “will continue to communicate information as it’s available,” and that the company’s staff “are actively engaged with law enforcement agencies and the intelligence community in investigating this situation.”