In December 2020, the United States became aware of a far-reaching cyber attack on federal government systems, including the Treasury and Commerce departments.
Russia was believed to have orchestrated the attack, which gained access through software from the US company SolarWinds, a maker of network-monitoring tools.
Now the Biden administration is planning its response and, according to the New York Times, is preparing for open cyber conflict with Russia.
The paper reports that, over the coming weeks, the US will carry out a series of clandestine actions against Russian networks, intended to show Vladimir Putin that the US is capable of retaliating.
This morning, several Russian websites – including the Kremlin government portal itself – seemingly went offline. The websites of the Government, Prime Minister, Roskomnadzor and other state departments were not opening on Wednesday morning.
What’s more, popular web services in Russia also appear to be suffering from throttled performance.
It’s not clear, as yet, whether this was a dedicated cyber attack by the US, but the possibility is not off the table.
The White House itself has not made any public comments about the international response to the SolarWinds hack, but it has been working with Microsoft on an investigation into the intrusion.
President Biden created the new post of deputy national security advisor for cyber and emerging technology, to deal with the SolarWinds investigation.
In terms of taking offensive action, President Trump is reported to have signed a classified directive in August 2018 giving US Cyber Command broader authority to conduct aggressive cyber operations.
That directive is currently under review by the Biden administration.
What was the SolarWinds hack?
A US company called SolarWinds, whose Orion platform monitors government and business networks for outages, was compromised, and from around March 2020 it was shipping a tainted Orion update to its customers.
The malware, inserted into an update package for SolarWinds' Orion software, gave the attackers a backdoor into every machine that installed it, and those machines could then be used as a foothold to move further into the victim's network.
Security researchers are still debating exactly how the attackers got in; some have suggested it could have been as simple as a guessed password.
A security researcher told Reuters that in 2019 he had found SolarWinds' update server could be accessed with the password 'solarwinds123'.
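The two failure points described above, a tampered update that customers had no independent way to check, and a weak credential guarding the server that distributed it, can be turned into a routine check. The following is an added example, not code from this article or from SolarWinds; the update bytes, the pinned digest, the passwords and the vendor terms in it are constructed for illustration, and the function names are the example's own.

```python
import hashlib
import hmac
from typing import Iterable, List

# Constructed stand-ins for an update package. These bytes are illustrative only;
# they are not real SolarWinds Orion files.
GENUINE_UPDATE = b"OrionUpdate-constructed-sample-payload-v1"
TAMPERED_UPDATE = GENUINE_UPDATE + b"\n; constructed stand-in for an injected backdoor"


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of an artifact."""
    return hashlib.sha256(data).hexdigest()


# The pinned digest must come from a channel independent of the server that
# serves the package (a release note fetched separately, a digest recorded when
# the build was reviewed). A digest published on a compromised update server is
# worthless, because the attacker can rewrite it along with the package.
# Here it is computed once from the genuine sample, standing in for that record.
PINNED_SHA256 = sha256_hex(GENUINE_UPDATE)


def verify_update(artifact: bytes, pinned_sha256: str) -> bool:
    """True only if the artifact hashes to the pinned digest.

    hmac.compare_digest keeps the comparison constant-time; not critical for a
    public hash, but the habit to keep for any digest check.
    """
    return hmac.compare_digest(sha256_hex(artifact), pinned_sha256.lower())


def password_is_weak(password: str, vendor_terms: Iterable[str], min_length: int = 14) -> bool:
    """Flag credentials an attacker would try first.

    A password is treated as weak if it is short, if it contains a term that
    identifies the vendor or product (the 'solarwinds123' pattern), or if it
    uses fewer than three character classes.
    """
    lowered = password.lower()
    if len(password) < min_length:
        return True
    if any(term.lower() in lowered for term in vendor_terms):
        return True
    classes = sum((
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ))
    return classes < 3


def audit_update_channel(artifact: bytes, pinned_sha256: str,
                         server_password: str, vendor_terms: Iterable[str]) -> List[str]:
    """Return findings for one update artifact and the credential guarding its server."""
    findings: List[str] = []
    if not verify_update(artifact, pinned_sha256):
        findings.append("artifact digest does not match pinned SHA-256")
    if password_is_weak(server_password, vendor_terms):
        findings.append("update server credential is weak")
    return findings


if __name__ == "__main__":
    terms = ("solarwinds", "orion")
    # Genuine package, but the server credential is the reported vendor-name pattern.
    print(audit_update_channel(GENUINE_UPDATE, PINNED_SHA256, "solarwinds123", terms))
    # Strong credential, but the package has been altered after the digest was pinned.
    print(audit_update_channel(TAMPERED_UPDATE, PINNED_SHA256, "tK9#vR2!mQ7@xL4p", terms))
```

The pinned digest only helps if it is recorded somewhere the update server cannot touch: a hash published beside the package on the same server is rewritten by the same attacker who swapped the package. The credential check is deliberately blunt; its job is to catch the vendor-name-plus-digits pattern reported above before an outside researcher, or an adversary, does.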
Though the breach began roughly a year earlier, it was not discovered until December 2020, when US cybersecurity company FireEye, itself a SolarWinds customer, found that it had been hacked and traced the intrusion back to Orion.
The long lag between infection and discovery would have given the attackers ample time to locate and exfiltrate highly sensitive information.
The US government is the most high-profile casualty and was the likely target of the hack.
FireEye executive Charles Carmakal said the company was aware of ‘dozens of incredibly high-value targets’ hackers had access to, and was helping ‘a number of organisations respond to their intrusions’.
But the pool of potentially affected organisations is vast, given the size of SolarWinds' client list.
The Austin, Texas-based company sells network-monitoring and other IT management tools to hundreds of thousands of organisations, including many Fortune 500 companies and government agencies across North America, Europe, Asia and the Middle East. SolarWinds itself estimated that fewer than 18,000 customers had installed the tainted update, and only a subset of those were then singled out for further attack.
How serious was the SolarWinds hack?
Tech giant Microsoft lent expertise to try and help uncover the extent of the breach and didn’t mince words when it came to the severity of the attack.
‘As much as anything, this attack provides a moment of reckoning,’ wrote Microsoft president Brad Smith in a blog post.
‘The attack unfortunately represents a broad and successful espionage-based assault on both the confidential information of the U.S. Government and the tech tools used by firms to protect them,’ he wrote.
‘The attack is ongoing and is being actively investigated and addressed by cybersecurity teams in the public and private sectors, including Microsoft. As our teams act as first responders to these attacks, these ongoing investigations reveal an attack that is remarkable for its scope, sophistication and impact.
‘The installation of this malware created an opportunity for the attackers to follow up and pick and choose from among these customers the organizations they wanted to further attack, which it appears they did in a narrower and more focused fashion.
‘While investigations (and the attacks themselves) continue, Microsoft has identified and has been working this week to notify more than 40 customers that the attackers targeted more precisely and compromised through additional and sophisticated measures.’