John Demers, assistant attorney general for national security at the Department of Justice, said the FBI and other intelligence agencies launched a review of vulnerabilities originating from software suppliers that have ties with Russia to determine if there is "back-end software design and coding" that makes intrusions into U.S. companies possible, CyberScoop reported Thursday.
The agencies will review supply chain risks, taking into account an alleged Russian hacking campaign that spied on U.S. federal agencies by exploiting SolarWinds software.
The Department of Commerce will be informed of the review's findings, according to Demers.
“If there’s back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” he said.
Demers said Commerce will have to decide if suspected vendors should be banned from U.S. supply chains.