Kevin Mandia, the CEO of the cyber-security firm FireEye that identified the large-scale hacking of US government agencies, has claimed it has “genuinely impacted” around 50 organisations.
He said that while some 18,000 organisations had the malicious code in their networks, it was the 50 who suffered major breaches.
The US Treasury and departments of homeland security, state and defence are known to have been targeted.
The head of the UK’s communications intelligence service GCHQ has described the major security breaches at US software firms as “serious events”, as British intelligence officials investigate the level of UK exposure.
US Secretary of State Mike Pompeo has blamed Russia for the hack, as have the chairs of the Senate and House of Representatives’ intelligence committees.
However, President Trump cast doubt on Russia’s role in two tweets on Saturday, hinting instead at Chinese involvement.
As reported by Emerging Risks, FireEye, one of the largest cybersecurity companies in the United States, disclosed in a Securities and Exchange Commission note mid-December that it had become the latest victim of a targeted cyber hacking.
The company suggested that the breach was most likely by a foreign government, leading to the theft of an array of internal hacking tools typically used to test the cyber defences of its clients.
Speaking over the weekend, Mandia told CBS News that the cyber attack “was very consistent” with what US officials know about the work of Russia’s foreign intelligence agency, the SVR.
“I think these are folks that we’ve responded to in the ’90s, in the early 2000s. It’s a continuing game in cyberspace,” he said.
He said the attack on the Texas-based SolarWinds Orion, the computer network tool now understood to be at the source of the breach, had the “earliest evidences of being designed”.
It started with a “dry run” in October 2019 when “innocuous code” was changed. “Then sometime in March, the operators behind this attack did put malicious code into the supply chain,” he said, “injected it in there and that is the backdoor that impacted everybody”.
What is being said about Russia’s involvement?
Despite Russia’s denials of the “baseless” claims, many in the US intelligence community suspect the Russian government is responsible.
The Republican Chair of the Senate intelligence committee, Marco Rubio, tweeted that it is “increasingly clear that Russian intelligence conducted the gravest cyber intrusion in our history”. He said the response “must be proportional but significant”.
Adam Schiff, Democrat chair of the House intelligence committee, echoed these views, saying on Sunday: “I don’t think there’s any question that it was Russia”.