SolarWinds hack: US weighs ‘seen and unseen’ responses to major cyber attack

The White House is in “the closing stages” of deciding how to respond to a hack that compromised popular software by Texas-based SolarWinds Corp., according to Jake Sullivan, President Joe Biden’s national security adviser.

Sullivan said the US is considering “seen and unseen” responses to the attack, suspected of being carried out by Russian hackers and affecting at least 100 US companies and nine federal agencies.

“We’re in the closing stages of that process with options that will be presented at the highest levels here,” Sullivan said in an interview with Bloomberg News.

While Sullivan declined to elaborate, the US response could include sanctions, expelling Russian diplomats, indicting the suspected hackers or some kind of covert cyber retaliation against Russia. However, there’s growing frustration among lawmakers that those methods — used in response to previous hacks — haven’t deterred US adversaries from attacking its computer networks.

The administration continues to be focused intensively on remediation, Sullivan said. “Meaning, making sure that we’ve address the vulnerabilities of federal networks in particular,” Sullivan said.

The breach — along with another of Microsoft Corp.’s Exchange email software — is an early test for Biden and his cybersecurity team.

In December, cybersecurity analysts discovered a sprawling espionage campaign in which hackers compromised SolarWinds software, inserting malicious code into updates. As many as 18,000 customers received the malicious updates, though far fewer were targeted for follow-on attacks by the suspected Russian hackers.

This month, Microsoft revealed that suspected Chinese hackers exploited flaws in the code of Exchange to breach customer email systems. Cybersecurity experts say the attack had tens of thousands of victims.

The administration is working with Microsoft to encourage customers to patch their systems, and the nine compromised federal agencies are supposed to complete internal reviews of the breaches this month.