The FBI, Office of the Director of National Intelligence (ODNI), Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) issued a joint statement on Tuesday through the newly created cyber unified coordination group (UCG) to provide updates on an advanced persistent threat actor allegedly linked to Russia.
“The UCG believes that, of the approximately 18,000 affected public and private sector customers of Solar Winds’ Orion product, a much smaller number have been compromised by follow-on activity on their systems. We have so far identified fewer than ten U.S. government agencies that fall into this category, and are working to identify and notify the nongovernment entities who also may be impacted,” the joint statement reads.
FBI is conducting an investigation based on four lines of effort: victim identification, evidence collection, analysis of evidence and sharing of results with partners in the government and private sector.
CISA’s efforts include information sharing activities, development of a free tool to detect malicious activity related to the cyber incident and issuance of a technical alert. ODNI is working to provide UCG with updated intelligence data to facilitate cyber response and mitigation activities within the U.S. government.
The NSA has been supporting UCG by offering technical mitigation measures, evaluating the scope and scale of the cyber incident and providing actionable guidance, cybersecurity and intelligence support to UCG partners and stakeholders within the defense and national security community.
The FBI, CISA and ODNI announced the formation of UCG in mid-December to facilitate a “whole-of-government response” to the cyber attack involving SolarWinds’ Orion Network Management products.
