Russia, not China, is behind SolarWinds hack, security council says

The FBI, CISA, and NSA released a joint statement to update the public and refute Trump's claims about China being the culprit.


Contrary to the narrative President Trump is pushing on social media, Russia is “likely” the source of the recent large-scale cyberattacks on the United States, according to a joint statement from the Cyber Unified Coordination Group (UCG). The announcement also makes it clear that the coordinated attacks are probably still in progress, and that investigations into the operation are not complete.

The UCG comprises the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA). In other words, the vast majority of the United States’ intelligence community is currently working on this project. This is an all-hands-on-deck situation.

Though it’s been surmised that the ongoing attack is Russian in origin, this is the intelligence community’s most concrete announcement yet. It’s a near-direct rebuttal to Trump’s assertions that the hack is being carried out by China.

Lots of catch-up — From the moment news of the hack broke, it’s been clear the intelligence community didn’t see this coming and, in fact, probably didn’t know about it much before the public did. The UCG’s new statement, though carefully crafted, underscores that problem.

Senator Mark Warner, a Democrat from Virginia, criticized this slow response yesterday on Twitter. “Unfortunately, it has taken 3 weeks after discovering an intrusion this significant for the Administration to issue a tentative attribution,” he tweeted. “I hope we’ll begin to see a public declaration of U.S. policy towards indiscriminate supply chain infiltrations like this in the future.”

The UCG says it has so far identified “fewer than 10” government agencies that may have been compromised by the attack. Given the investigation’s snail’s pace thus far, it wouldn’t be surprising if this number keeps going up.

So…what now? — According to the UCG, the investigation is focused right now on identifying all victims of the hack and helping them remediate their systems. The group’s statement says the hack is a “serious compromise that will require a sustained and dedicated effort to remediate.” In other words: there’s a long road ahead before we can feel secure again.

If there’s any good news to be gleaned from this report, it’s that the UCG is still describing the hack as an “intelligence gathering effort.” For now, at least, it seems the investigation hasn’t uncovered any malware planted as part of the attack.

There’s obviously work to be done beyond just this attack, too — the failure of our warning systems to alert the intelligence community is nothing short of spectacular. There might not be any malware this time around, but next time could be much worse. The intelligence gathered here boils down to: we are not prepared.