Moscow spy chief denies being behind Solar Winds hack of nine US federal agencies but says he’s ‘flattered’ by the accusation
- SVR Director Sergei Naryshkin said ‘these claims are like a bad detective novel’
- US and UK accused Russian spies of the ‘highly-sophisticated’ hack in December
- Software breach exposed US government departments and powerful companies
Russia‘s spy chief has denied responsibility for the SolarWinds cyber attack but admitted he was ‘flattered’ by the accusations from the US and Britain.
The hack, described by Microsoft as the ‘most sophisticated cyber attack ever,’ was uncovered in December – a breach of software company SolarWinds which exposed their numerous high value clients, including nine US government agencies and a raft of Wall Street’s biggest firms.
Washington and London pointed the finger at Russia’s Foreign Intelligence Service (SVR), successor to the KGB.
‘These claims are like a bad detective novel,’ SVR Director Sergei Naryshkin, a close ally of Kremlin chief Vladimir Putin , told the BBC on Tuesday
Asked directly if the SVR was responsible for the SolarWinds attack, Naryshkin quipped with a smile that he would be ‘flattered’ if the SVR had been responsible for such a sophisticated attack but that he could not ‘claim the creative achievements of others as his own.’
Naryshkin said he did not want to accuse the US of being behind the attack but quoted from documents leaked by former National Security Agency contractor Edward Snowden to suggest that the tactics of the attack were similar to those used by US and British intelligence agencies.
The US and Britain cast Russia as a dangerous former superpower which they say has poisoned enemies with nerve agents and radioactive isotopes, meddled in Western elections and carried out hacking operations across the world.
Naryshkin said such accusations were absurd and that Russia was not responsible for the cyber-attacks, poisonings, hacks, or meddling in elections that it was blamed for.
The hack of SolarWinds gave access to thousands of companies and government offices that used its products.
Microsoft President Brad Smith described the attack as ‘the largest and most sophisticated attack the world has ever seen.’
Britain’s GCHQ cyber spying agency said that it was highly likely that SVR was responsible for the SolarWinds attack.
Naryshkin’s dismissal of the claims comes amid anger among American lawmakers at a cyber attack on an oil pipeline which has also been blamed on a Russian hacking outfit.
The Colonial Pipeline – which supplies 40 percent of fuel to the East Coast – was shut down last week after an attack which the FBI blamed on DarkSide.
The SolarWinds logo is seen outside its headquarters in Austin, Texas
Joe Biden has said that the Russian government was not behind the attack but has faced criticism from Republicans who claim that his ‘weakness’ has emboldened Moscow.
Sen. Tom Cotton (R-Ark.) last week said: ‘No cyber-gang in Russia can conduct this kind of attack against an American piece of critical infrastructure without the tacit or explicit knowledge of Vladimir Putin’s government.’
He told Fox News: ‘It shows that Joe Biden’s weak policy on Russia is having consequences for the American people.’
In the wake of the SolarWinds hack, the US expelled a number of Russian diplomats and imposed sanctions.
How hackers used legitimate software to carry out ‘biggest hack in US history’
The US Cybersecurity and Infrastructure Security Agency has released an alert detailing what it knows about the breach.
CISA says that hackers were able to compromise the supply chain of network management software from SolarWinds, specifically recent versions of the SolarWinds Orion products.
Beginning in March 2020, hackers used SolarWinds software updates to install a secret network backdoor, which authorities are calling SUNBURST.
The malicious code was signed by the legitimate SolarWinds code signing certificate. An estimated 18,000 customers downloaded the compromised updates.
Once installed on a network, the malware used a protocol designed to mimic legitimate SolarWinds traffic to communicate with a domain that has since been seized and shut down.
The initial contact domain would often direct the malware to a new internet protocol (IP) address for command and control. The attackers used rotating IPs and virtual private servers with IP addresses in the target’s home country to make detection of the traffic more difficult.
‘Taken together, these observed techniques indicate an adversary who is skilled, stealthy with operational security, and is willing to expend significant resources to maintain covert presence,’ CISA said in the alert.