In December 2020, a major cyberattack targeted SolarWinds, compromising numerous governmental agencies and multinationals around the world. On Thursday, the US and the UK held operatives working for Russia’s Foreign Intelligence Service (SVR) responsible. In response, the US has imposed sanctions on Russia.
The US Treasury Department imposed sanctions for “undermining the conduct of free and fair elections and democratic institutions”. It has also placed a ban on six technology companies that support the Russian Intelligence Services’ cyber program. The barred companies are ERA Technopolis, Pasit, Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA), Neobit, Advanced System Technology, and Pozitiv Teknolodzhiz (Positive Technologies). Some of the banned companies cater to the Russian Ministry of Defense, the SVR, and Russia’s Federal Security Service (FSB).
The Biden administration has also expelled ten members of Russia’s diplomatic mission in Washington, D.C., including security service personnel.
The SolarWinds attack
SolarWinds is an IT firm. Last year it was the victim of a cyberattack that went undetected for several months. Through this breach, hackers were able to spy on cybersecurity firms like FireEye and breach networks of the American government. This raised alarms about potential spying on top officials and access to official secrets. Some of the compromised departments include the Department of Homeland Security and the Treasury Department.
Apprehensions of the fallout were exacerbated by the scale of the attack. Businesses commonly use the “Orion” framework to control their IT resources. 33,000 SolarWinds customers use Orion. SolarWinds inadvertently sent out software updates to its customers containing the stolen code as early as March 2020. The code provided a backdoor into customers’ IT systems. The hackers used it to install more malware, allowing them to spy on businesses and organizations.
What is the significance?
This was one of the most significant breaches in recent memory. The assault caught the US Cyber Command off guard, preventing immediate response and mitigation protocols. As a result, the hack instituted wide changes in the cybersecurity apparatus.
It is costly and difficult to protect networks when several systems are targeted at the same time. Hackers might “destroy or change data, and impersonate legitimate people” if they gain access to government networks. They may also leave hidden traces that allow future access and are often difficult to unearth and remove. In addition, access to confidential information can have unprecedented political and economic consequences that might even compromise national security.
Who did it?
According to federal investigators and cybersecurity experts, Russian Intelligence (SVR) most likely carried out the assault. The 2014–15 hack of White House, State Department, and Joint Chiefs of Staff email servers was also attributed to Russian intelligence. They also targeted the Democratic National Committee and members of Hillary Clinton’s presidential campaign.
Russia has denied any involvement in the breach. Former President Donald Trump has indicated that Chinese hackers might be to blame, without providing any facts.
Earlier, the Biden Administration had said that it would respond to the cyberattack in the coming weeks. The recent sanctions imposed on Russia seem to be the action following this statement.
Russia’s response to US sanctions
In retaliation for the US sanctions, Russia expelled ten US diplomats and barred eight high-ranking current and former US officials from entering the country. FBI Director Christopher Wray, Director of National Intelligence Avril Haines, US Attorney General Merrick Garland, and Secretary of Homeland Security Alejandro Mayorkas were among those barred from entering the country. Michael Carvajal, the Director of the Federal Bureau of Prisons, Susan Rice, the Director of the Domestic Policy Council, John Bolton, the former US National Security Advisor, and ex-CIA Director Robert James Woolsey were among those facing an entry ban.
The Russian foreign ministry said it would halt the activities of US funds and NGOs in Russia that it believes intervene in the country’s internal affairs. Foreign minister Sergei Lavrov spoke of “painful” sanctions against US companies doing business in Russia.