In a rare joint statement, the FBI, NSA, the Cybersecurity and Infrastructure Security Agency, and the Office of the DNI said the recently discovered hack of the software firm SolarWinds that affected several government agencies was “likely Russian in origin.”
The intelligence agencies offered no evidence to back up the claim that Russia was “likely” responsible. When the hack was first discovered, many in the media and in Congress began accusing Moscow of being involved, despite a lack of evidence. Some senators even likened the hack to a Russian invasion.
While the Russian attribution by the intelligence agencies is not definitive, it comes at a sensitive time for US-Russia relations and will do nothing but stoke tensions. Joe Biden and members of his future administration have vowed to retaliate for the SolarWinds hack through financial sanctions and offensive cyberattacks.
Claims of Russian hacking are nothing new, as the US public has been bombarded by them for years now. But attributing cyber activity is difficult since hackers use tools to disguise their identity and location.
One way the US often attributes cyber activity to Russia is by identifying tactics, techniques, and procedures (TTPs) used by hackers. Federal agencies often say hackers used TTPs consistent with previous Russian government activity, offering that assessment as the only proof to substantiate claims of Russian hacking.
On December 17th, the Cybersecurity and Infrastructure Security Agency put out an alert that said the actor responsible for the SolarWinds hack likely has “tactics, techniques, and procedures that have not yet been discovered.”