Date: 2021-01-05

The U.S. government on Tuesday said a devastating hack of federal agencies is “likely Russian in origin” and said the operation appeared to be an “intelligence gathering” effort.

In their statement, the U.S. federal agencies said: “At this time, we believe this was, and continues to be, an intelligence gathering effort.”

The assessment was disclosed in a rare public statement from the FBI, ODNI, NSA, and CISA, member agencies of the Cyber Unified Coordination Group (UCG) created by the Trump administration following the hack.

Though Russia was widely believed to be responsible, President Donald Trump had in the past repeatedly refused to place blame on the country and claimed that China might be to blame.

Tuesday’s announcement, written on behalf of President Trump, left little doubt that Russia is behind the attack.

“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-government networks,” the UCG’s statement read in part. “At this time, we believe this was, and continues to be, an intelligence gathering effort.”

The breach, which was only recently discovered, has been underway since at least March of last year. Hackers originally implanted malicious code into software updates from SolarWinds, a Texas-based company whose software is used by a wide range of federal agencies and private companies alike to manage their networks.

In December, Microsoft identified more than 40 government agencies, think tanks, non-governmental organizations and IT companies infiltrated by the hackers. It said four in five were in the United States — nearly half of them tech companies — with victims also in Canada, Mexico, Belgium, Spain, the United Kingdom, Israel and the United Arab Emirates.

On Tuesday, the UCG said that of the approximately 18,000 affected public and private sector customers of SolarWinds, it has identified fewer than ten U.S. government agencies that fell victim to “follow-on activity on their systems” after the initial hack.

“This is a serious compromise that will require a sustained and dedicated effort to remediate. Since its initial discovery, the UCG, including hardworking professionals across the United States Government, as well as our private sector partners have been working non-stop,” Tuesday’s statement continued. “These efforts did not let up through the holidays. The UCG will continue taking every necessary action to investigate, remediate, and share information with our partners and the American people.”

U.S. officials, including Attorney General William Barr and Secretary of State Mike Pompeo, and cybersecurity experts have previously said Russia was to blame. But Trump, in a series of tweets late last month, sought to downplay the severity of the hack and raised the unsubstantiated idea that China could be responsible.

Tuesday’s statement makes clear that that is not the case, saying the intrusions are likely “Russian in origin.”

Russia has said it had “nothing to do” with the hacking.

