Russia sanctioned over SolarWinds, election interference -- even as cyber espionage continues

The White House announced a range of sanctions against Russia, and security agencies warned of software vulnerabilities that Russian intelligence services are actively exploiting.

In response to the hacking campaign against SolarWinds and interference in the presidential election, the White House last week announced a range of sanctions against Russia.

The sanctions target six technology companies that support the country’s spy services and  prohibit U.S. financial institutions from doing business with certain Russian financial institutions. The administration is also expelling 10 Russian intelligence officers working in Washington.

“Today the United States is formally naming the Russian Foreign Intelligence Service (SVR) … as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures,” according to an April 15  White House statement. “The U.S. Intelligence Community has high confidence in its assessment of attribution to the SVR.”

"This is a positive, welcome step towards adding more friction to Russian operations,” FireEye CEO Kevin Mandia said in a statement. “Simply naming the SVR, as well as the corporations that support it will inform our defense. Unfortunately, we are unlikely to fully deter cyber espionage and we will have to take serious action to better defend ourselves from inevitable future intrusions.” FireEye is credited with initially discovering the breach into SolarWinds.

“Today is a huge, precedent-setting day for attributing Russian intelligence operations, both cyber operations narrowly defined, but also influence operations and active measures," Thomas Rid, a professor of strategic studies at John Hopkins University, commented on Twitter.

Around the same time as the White House’s announcement, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the FBI published a joint advisory warning of five vulnerabilities in different software that Russian intelligence services are actively exploiting.

“This advisory is being released alongside the U.S. Government’s formal attribution of the SolarWinds supply chain compromise and related cyber espionage campaign,” the agencies said. “NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.”

A longer version of this article was first posted to FCW, a sibling site to Defense Systems.