Russians responsible for SolarWinds hack are targeting COVID-19 research, cyber officials say

Federal cyber officials on Thursday blamed the Russian Foreign Intelligence Service (SVR) for the SolarWinds hack of computer network management software and the targeting of COVID-19 research.

Previously, the government had said Russia was likely responsible for the hack that compromised nine federal agencies, but Thursday’s joint statement from the National Security Agency, FBI, and Cybersecurity and Infrastructure Security Agency provided more formal attribution of the hack that was publicly disclosed last year. The federal agencies pointed to SVR actors, also known as APT29 and Cozy Bear, as responsible for the hack.

“Recent Russian SVR activities include compromising SolarWinds® Orion® software updates, targeting COVID-19 research facilities through deploying WellMess malware, and leveraging a VMware® vulnerability that was a zero-day at the time for follow-on Security Assertion Markup Language (SAML) authentication abuse,” said the agencies in the cybersecurity advisory. “SVR cyber actors also used authentication abuse tactics following SolarWinds-based breaches.”