Russia denies claims it was responsible for massive hacking campaign targeting US government and private companies

Kremlin says the claims are ‘baseless’

Graig Graziosi
Tuesday 15 December 2020 01:22
Treasury Department Hacked

Russia has denied allegations that it was behind a massive hacking campaign that compromised numerous US government agencies.

The hacking campaign affected government, technology, telecom, consulting, and oil and gas companies. The hacking impacted entities in North America, Asia, Europe and the Middle East.

Sources familiar with the breach told the Washington Post that a Russian hacking group called APT29 or CozyBear, which is an arm of the Russian intelligence agency the SVR, was behind the campaign.

The Russian embassy issued a statement on Wednesday saying that the allegations were "baseless." Russian officials said that "Russia does not conduct offensive operations" in cyber campaigns and said that "attacks in the information space contradict" the country's foreign policy and national interests.

The hacking group accused of carrying out the campaign is the same one that breached a White House email server during the Barack Obama administration.

The Commerce Department, National Security Council and the Department of Homeland Security all confirmed that they had been breached in the hack, but did not offer further details as to the extent of the intrusion.

The hackers gained access through SolarWinds, a security vendor that contracts with the federal government and private corporations.

In addition to government agencies, private companies contracting with SolarWinds are also at risk.

SolarWinds has more than 300,000 customers, including Harvard University, McDonald's restaurants, Lockheed Martin, Sprint, Subaru, AT&T, CBS, and the cities of Tampa and Nashville.

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive that ordered all federal agencies to immediately disconnect the affected products from their networks.

“Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” CISA said in the order.
