The network of numerous U.S. agencies and commercial computer organisations was breached by hackers thanks to the SolarWinds supply-chain attack, which the U.S. government has officially blamed on Russia.

The White House names the Cozy Bear group of skilled hackers as the perpetrators of the cyber espionage operation using the SolarWinds Orion platform in a statement announcing sanctions against Russia for actions against U.S. interests.

Clearly stated attribution
The White House press release reaffirms earlier media allegations citing unofficial sources that the SolarWinds attack was carried out by the Russian Foreign Intelligence Service, or SVR.

The Cyber Unified Coordination Group (UCG) gave an unnamed Russian-backed cyber group credit for the attack at the beginning of January.

Today, the SVR is officially held responsible by the White House for running “the broad-scope cyber espionage campaign” through its hacking unit, also known as APT29, The Dukes, or Cozy Bear.

According to the White House brief, “the U.S. Intelligence Community has high confidence in its judgement of attribution to the SVR.”

The SolarWinds Vulnerability Reactor (SVR) gained access to more than 16,000 machines worldwide by hacking into the software company’s supply chain. However, the campaign exclusively targeted a small number of targets, including state and federal institutions in the United States and businesses in the cybersecurity industry (FireEye, Malwarebytes, Mimecast). The National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) of the United States have issued a joint cybersecurity advisory warning about the top five vulnerabilities the SVR is utilising in attacks against American interests.

Organizations should heed the warning and take the appropriate precautions to spot and guard against the SVR’s nefarious behaviour.

Russian businesses are sanctioned
Today, President Biden signed an executive order prohibiting the use of property in connection with damaging actions taken by the Russian Federation’s government.

The Treasury Department has imposed sanctions on the following Russian technology firms for assisting the SVR, Russia’s Federal Security Service (FSB), and Russia’s Main Intelligence Directorate (GRU) in carrying out malicious cyber activities against the United States using the Executive Order issued today by President Biden.

A research facility and technology park funded and run by the Russian Ministry of Defense is called ERA Technopolis. The Main Intelligence Directorate of Russia (GRU) is housed and supported in ERA Technopolis, which also makes use of the personnel and knowledge of the Russian technology industry to develop military and dual-use technologies.

A business called Pasit, with its headquarters in Russia, carried out research and development in support of the hostile cyberoperations of the Russian Foreign Intelligence Service (SVR).

SVA is a Russian state-owned research facility with a focus on cutting-edge information security solutions. In order to facilitate the SVR’s nefarious cyber operations, SVA carried out research and development.

Neobit is an IT security company with offices in Saint Petersburg, Russia, and its clientele include the Russian Ministry of Defense, SVR, and the Federal Security Service of Russia (FSB). Neobit provided research and development in support of the FSB, GRU, and SVR’s cyber activities. Neobit was also designated today for providing material support to the GRU in violation of E.O. 13694, as modified by E.O. 13757, E.O. 13382, and the Countering America’s Adversaries Through Sanctions Act (CAATSA).

Russian Ministry of Defense, SVR, and FSB are a few of the clients of the IT security company AST. The FSB, GRU, and SVR’s cyber operations received technical assistance from AST. In accordance with E.O. 13694, E.O. 13382, and CAATSA, AST was also assigned today to support the FSB.

Positive Technologies is a Russian IT security company that works with clients in the Russian Government, such as the FSB. Positive Technologies holds sizable conventions that are utilised as FSB and GRU recruiting opportunities in addition to offering computer network security solutions to Russian businesses, foreign governments, and worldwide corporations. In accordance with E.O. 13694, E.O. 13382, and CAATSA, Positive Technologies was also designated today to help the FSB.

Without first requesting and receiving a licence from the Office of Foreign Assets Control, US firms and financial institutions are no longer permitted to conduct business with the aforementioned companies (OFAC).