US and UK governments officially name Russia’s Cozy Bear as the hacker group behind SolarWinds cyberattack

The governments of the United States and the United Kingdom have officially named Russia's Foreign Intelligence Service (SVR) as the perpetrator of the massive SolarWinds cyberattack, as well as of earlier campaigns targeting COVID-19 research facilities.


Disclosed in December 2020, the SolarWinds cyberattack was one of the biggest and most serious cybersecurity incidents in recent years. The attackers were able to add malicious code to updates (versions 2019.4 through 2020.2.1) for Orion, an IT management platform developed by SolarWinds. Up to 18,000 customers downloaded the trojanized updates, which planted a backdoor on their systems that could then be used for further malicious activity. The attack itself was worrying enough, but it became even more troubling when it emerged that those potentially affected included government agencies such as the US Department of Justice, the Department of Homeland Security, the Department of Energy, the National Nuclear Security Administration, and the Treasury, as well as companies such as Microsoft.

While the cyberattack was attributed to Russia from the very beginning, the attribution was not officially confirmed by governments. In January this year, a joint statement by the US Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA) called the attack "likely Russian in origin". Now, however, both the US and UK governments have officially accused Russia's Foreign Intelligence Service, whose hacking activity is tracked by the security industry as Cozy Bear, of carrying out the SolarWinds attack.

"Today the United States is formally naming the Russian Foreign Intelligence Service (SVR), also known as APT 29, Cozy Bear, and The Dukes, as the perpetrator of the broad-scope cyber-espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures," the White House statement reads.

The UK government shares these concerns and has also accused the Russian intelligence services of carrying out the SolarWinds cyberattack "against the UK and our allies".

“Russia’s pattern of malign behavior around the world – whether in cyberspace, in election interference, or in the aggressive operations of their intelligence services – demonstrates that Russia remains the most acute threat to the UK’s national and collective security,” the UK statement reads.

Technically, the backdoor gave the SVR a potential foothold in up to 18,000 networks around the world, but only a select few victims were actually chosen for follow-on activity. Among them were US government agencies and companies from the cybersecurity industry, including FireEye and Malwarebytes (Malwarebytes has said it was compromised by the same actor through a different route, abuse of Office 365 and Azure application permissions, rather than through the Orion backdoor).

Sanctions against Russia announced

In response to the SolarWinds attack, as well as multiple other incidents including interference in elections, the US has announced new sanctions against Russia. Ten Russian diplomats were expelled from the US, and around 30 entities and individuals have been blacklisted.

In addition, the US has also sanctioned six Russian technology companies for their part in malicious activities carried out by the SVR, Russia’s Federal Security Service (FSB), and Russia’s Main Intelligence Directorate (GRU) against the United States. US companies and financial institutions have been banned from doing any business with the six companies unless a license from the US’s Office of Foreign Assets Control (OFAC) is first obtained.

The six companies are ERA Technopolis, Pasit, Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA), Neobit, Advanced System Technology, and Pozitiv Teknolodzhiz.

As expected, the Kremlin has condemned the sanctions, calling them "illegal". With the relationship between the US and Russia already strained, the sanctions are expected to create even more tension.
