The media was quick to blame a reported cyber attack on “Russian Hackers,” referring to it as “massive espionage” and quoting anonymous sources. While Russia has denied involvement, the pressure is now on for Biden to strike at Moscow over unverified allegations…
That reported cyber attack has been referred to as “a massive espionage attack aimed at the federal government,” but the US Government itself is saying very little, and some experts are saying that this type of a breach could have been pulled off by anyone.
It all started when the software company SolarWinds announced in a filing with the Securities and Exchange Commission “that around 18,000 customers were likely impacted” by an attack involving hackers who exploited “a vulnerability in Orion software updates sent to customers” between March and June of this year. Those customers include several federal agencies and all five branches of the US Military. While the Department of Defense has yet to confirm whether it was hit, reports claim hackers were able to monitor emails within the Commerce and Treasury Departments, and that the State Department, the Department of Homeland Security and branches of the Pentagon were also likely included.
As for the identity of the hackers? Both the New York Times and the Washington Post blamed “Cozy Bear,” an alleged group of hackers that have been blamed for everything from infiltrating the DNC—despite evidence stating otherwise—to spying on COVID-19 vaccine data in the US. The media has claimed time and time again that the group has ties to Russian Intelligence. But every single time, the publications back up their claims by citing “anonymous sources.”
But Moscow has repeatedly denied having any ties to the suspected hackers. The Russian Foreign Ministry referred to the latest “allegations as another unfounded attempt by the US media to blame Russia for cyberattacks against US agencies.” The spokesperson for President Putin has also noted that it was Moscow, which proposed a cyber security agreement between the two countries—and it is Washington that has yet to respond. While the allegations went straight to Russia, a security researcher quoted in the original report told Reuters that last year, “he alerted the company that anyone could access SolarWinds’ update server by using the password ‘solarwinds123.’” He said “This could have been done by any attacker, easily.”
The US Government has yet to say who it believes was behind the reported attack—but the pressure is already mounting for an incoming Biden Administration to take action—before any of the claims from anonymous sources have been verified.