The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) have issued a joint statement outlining each of their roles in investigating and responding to the recently disclosed SolarWinds breach, which they described as a “significant and ongoing cybersecurity campaign.”
The organizations have formed a Cyber Unified Coordination Group (UCG) whose goal is to unify their efforts.
“This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government,” the statement reads.
The FBI has been tasked with collecting intelligence that can help attribute the attack to a threat actor and disrupt their activities. The agency is also working with victims to obtain information that can be useful to the government and network defenders.
Shortly after the incident came to light, CISA issued an emergency directive, instructing federal agencies to immediately take action to detect attacks, collect forensic evidence, and eject the attackers from a compromised network. CISA is also providing technical assistance to impacted organizations that reach out to the agency.
As for ODNI, it’s “helping to marshal all of the Intelligence Community’s relevant resources to support this effort and share information across the United States Government.”
SolarWinds provides IT management and monitoring solutions to 300,000 organizations worldwide, including governments, educational institutions and businesses. The company says the incident could impact up to 18,000 customers of its Orion monitoring platform.
While the U.S. government has not shared a list of impacted agencies, media reports say victims include the DHS, the Commerce Department, the Treasury, the Defense Department, the State Department, and the National Institutes of Health.
Russia appears to be the main suspect, but the Kremlin has denied the accusations. If the U.S. government reaches the conclusion that a Russian threat actor launched the attack, they will likely state so publicly. The U.S. has officially accused Russia for several high-profile cyberattacks, it has indicted suspected Russian hackers, and it has sanctioned hacking-related entities.