Russia denies claims it was responsible for massive hacking campaign targeting US government and private companies

Kremlin says the claims are ‘baseless’

Graig Graziosi
Tuesday 15 December 2020 01:22 GMT
Treasury Department Hacked
Treasury Department Hacked

Russia has denied allegations that it was behind a massive hacking campaign that compromised numerous US government agencies.

The hacking campaign affected government, technology, telecom, consulting, and oil and gas companies. The hacking impacted entities in North America, Asia, Europe and the Middle East.

Sources familiar with the breach told the Washington Post that a Russian hacking group called APT29 or CozyBear, which is an arm of the Russian intelligence agency the SVR, was behind the campaign.

The Russian embassy issued a statement on Wednesday saying that the allegations were "baseless." Russian officials said that "Russia does not conduct offensive operations" in cyber campaigns and said that "attacks in the information space contradict" the country's foreign policy and national interests.

The hacking group accused of carrying out the campaign is the same one that breached a White House email server during the Barack Obama administration.

The Commerce Department, National Security Council and the Department of Homeland Security all confirmed that they had been breached in the hack, but did not offer further details as to the extent of the intrusion.

The hackers gained access through SolarWinds, a security vendor that contracts with the federal government and private corporations.

In addition to government agencies, private companies contracting with SolarWinds are also at risk.

SolarWinds has more than 300,000 customers, including Harvard University, McDonald's restaurants, Lockheed Martin, Sprint, Subaru, AT&T, CBS, and the cities of Tampa and Nashville.

Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive that ordered all federal agencies to immediately disconnect the affected products from their networks.

“Treat all hosts monitored by the SolarWinds Orion monitoring software as compromised by threat actors and assume that further persistence mechanisms have been deployed,” CISA said in the order.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies


Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in