The attackers behind the SolarWinds incident

23 days have passed since the attack was exposed. The early-warning sensors that US Cyber Command and the National Security Agency placed inside foreign networks to detect impending attacks appear to have failed in this incident. In less than a month, the list of victims of this APT campaign has been disclosed piece by piece, and the governments of the United States, Britain and Russia, as well as the affected companies, have all issued statements.

As the intrusion methods and related technical details have gradually been disclosed, attribution of the attack has become the focus of inquiry in a number of countries.

On January 5, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI) and the National Security Agency (NSA) issued a joint statement saying that an APT actor, likely Russian in origin, is responsible for most or all of the recently discovered compromises. The agencies said they will continue to gather intelligence and take all necessary steps to determine the scope of the attack and respond accordingly.

The statement points directly at Russia, but it offers no direct evidence for that judgement. Most of the document describes the agencies' current plans and objectives, and it closes by promising to release further information as it becomes available.


It is worth noting that most US officials and mainstream media had already attributed the attacks to Russia. US Secretary of State Mike Pompeo, for example, said in an interview that he believed Russia was behind this widespread cyber attack and that the perpetrators may have compromised the computer systems of US government agencies.


Judging by the evidence in the US statement alone, the case is not especially convincing, and Russia quickly hit back and denied the accusation.

According to a report published on the Russia Today (RT) website on January 4, FireEye, a private company that provides cybersecurity services to the US government, acknowledged that the hacking operation was conducted from within the United States, while the US government blamed foreign countries.

The report stated that a hacking operation originating inside the United States went undetected by the relevant US agencies and had an enormous impact, and that the US government, in order to cover up its own failure, shifted public attention to foreign countries. The report also asked why, if the attack had come from Russia, it had not caused a greater physical threat after successfully breaking into US government systems. “Obviously, this accusation is unwarranted questioning by the United States aimed at blaming Moscow.”


At present, establishing the true identity of the organization behind this attack clearly requires further investigation and more evidence. But before that evidence has been fully presented, the United States and Russia have already settled into a pattern of mutual accusation.

The incident is no longer simply a cyber security attack; its focus has shifted from the impact of the APT campaign to APT attribution shaped by geopolitics.

We will continue to follow any further disclosures from the agencies named above. Beyond that, this incident has exposed the enormous risk that targeted supply chain attacks pose to national security, and it is urgent for companies, and for the country as a whole, to strengthen supply chain security review and to innovate in monitoring technology.