U.S. intelligence agencies, including the National Security Council (NSC), the FBI, the Cybersecurity & Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI), have jointly established the Cyber Unified Coordination Group (UCG) to coordinate the investigation and remediation of recent cyber incidents involving federal government networks.
The UCG stated that over 18,000 public and private sector customers of SolarWinds’ Orion product and around 10 U.S. government agencies were affected in the recent string of cyberattacks. The group said it is still working to identify and notify the non-government entities that may also be impacted.
“This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence-gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly,” the agencies said in a statement.
All the federal agencies are supporting the UCG by providing their intelligence, cybersecurity expertise, mitigation measures, and guidance on evaluating the scale of the recent SolarWinds cyberattacks.
- As the lead agency for threat response, the FBI is focused on four critical lines of effort – identifying victims, collecting evidence, analyzing the evidence to determine further attribution, and sharing results with the government and private sectors.
- As the lead for asset response, CISA is focused on sharing information immediately with the government and private sector partners as we work to understand the extent of this campaign and the level of exploitation. CISA has also created a free tool for detecting unusual and potentially malicious activity related to this incident.
- As the lead for intelligence support and related activities, ODNI is coordinating the Intelligence Community to ensure the UCG has the most up-to-date intelligence to drive the U.S. Government mitigation and response activities.
- The NSA is supporting the UCG by providing intelligence, cybersecurity expertise, and actionable guidance to the UCG partners, as well as National Security Systems, Department of Defense, and Defense Industrial Base system owners.
“The UCG remains focused on ensuring that victims are identified and able to remediate their systems, and that evidence is preserved and collected. Additional information, including indicators of compromise, will be made public as they become available,” the agencies added.