Pierluigi Paganini April 15, 2021

The U.S. and UK attributed with “high confidence” the recently disclosed supply chain attack on SolarWinds to Russia’s Foreign Intelligence Service (SVR).

The U.S. and U.K. attributed with “high confidence” the supply chain attack on SolarWinds to operatives working for Russia’s Foreign Intelligence Service (SVR) (aka APT29, Cozy Bear, and The Dukes).

The UK, US and their international partners blame Russia of attempting to destabilize our societies.

“The UK and US are today calling out Russia for carrying out the SolarWinds compromise, part of a wider pattern of activities by the Russian Intelligence Services against the UK and our allies.”reads the press release published by the U.K. government.

“Russia’s pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services – demonstrates that Russia remains the most acute threat to the UK’s national and collective security.”

According to the US government, the SolarWinds attack was conducted by the SVR, nation-state actors compromised U.S. government and private organizations in many industries, including the financial sector and critical infrastructure.

The SVR also stole “red team tools,” used by security firms to mimic the techniques of attacks associated with known threat actors and help their customers to detect them.  

The Biden administration announced the US government is expelling 10 Russian diplomats and imposing sanctions against technology firms and people linked to Russian intelligence that attempted to interfere in last year’s presidential election and for conducting cyberattacks against federal agencies.

“Today, the U.S. Department of the Treasury took multiple sanctions actions under a new Executive Order (E.O.) targeting aggressive and harmful activities by the Government of the Russian Federation.”states the U.S. Department of the Treasury. “Treasury’s actions include the implementation of new prohibitions on certain dealings in Russian sovereign debt, as well as targeted sanctions on technology companies that support the Russian Intelligence Services’ efforts to carry out malicious cyber activities against the United States.”

The sanctions against Russia have been imposed for:

• undermining the conduct of free and fair elections and democratic institutions in the United States and its allies and partners;
• engaging in and facilitating malicious cyber activities against the United States and its allies and partners that threaten the free flow of information;
• fostering and using transnational corruption to influence foreign governments;
• pursuing extraterritorial activities targeting dissidents or journalists;
• undermining security in countries and regions important to the United States’ national security; and violating well-established principles of international law, including respect for the territorial integrity of states.

The following six technology companies were accused of providing support to the cyber operations carried out by Russian Intelligence Services:

• ERA Technopolis;
• Pasit, AO (Pasit); 
• Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA); 
• Neobit, OOO (Neobit); 
• Advanced System Technology, AO (AST);
• Pozitiv Teknolodzhiz, AO (Positive Technologies).

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, SVR)

[adrotate banner=”5″]

[adrotate banner=”13″]