How SolarWinds cyber-attack forced US to sanction Russia

After launching diplomatic and financial offensives against Russian officials and businesses in retaliation for election-meddling in the US, the Joe Biden administration has highlighted the massive SolarWinds cyber-attack by Russia-based nation-state threat actors that hit more than 250 federal agencies and several tech giants.

Since February, the Biden administration has been working to remediate the SolarWinds attack and change federal IT practices to protect against similar attacks in the future.

Several federal agencies and over 100 private sector companies, including tech giants like Intel, Cisco, VMware and Nvidia, were compromised as a result of the SolarWinds software hack, according to the White House.

In the widespread cyber-attack, hackers also broke into the networks of NASA and the Federal Aviation Administration (FAA).

The Russian hackers installed malware in the Orion software sold by the IT management company SolarWinds and accessed sensitive data belonging to several US government agencies and private sector tech companies.

Microsoft President Brad Smith had said that this cyber-assault is effectively an attack on the US and its government and other critical institutions, including security firms.

In March, a White House spokesperson described the security failure as the result of “significant gaps in modernisation and in technology of cybersecurity across the federal government.”

Media reports also surfaced that the Biden administration was planning to launch cyber-attacks against Russia.

The New York Times has reported that the Biden administration was preparing to take “a series of clandestine actions across Russian networks” for the alleged hacking of the US government, agencies, and corporations through the IT firm SolarWinds.

In another big cyber-attack after SolarWinds, at least 30,000 organisations across the US, including government and commercial firms, were hacked by China-based threat actors who used Microsoft’s Exchange Server software to enter their networks.

The Federal Bureau of Investigation (FBI) has now launched a mega operation to copy and remove malicious web shells from hundreds of vulnerable computers in the US that were running on-premises versions of Microsoft Exchange Server software used to provide enterprise-level email service.