US Hits Russia With Fresh Sanctions Over Solarwinds Hack, Expels Diplomats

US President Joe Biden has signed an executive order to penalise the government of the Russian Federation because of ‘specified harmful foreign activities.’

The executive order comes after the White House said on Thursday that Russia’s foreign intelligence service, known as the SVR, was responsible for the SolarWinds hack, which resulted in the compromise of nine federal agencies and hundreds of private sector companies.

Multiple US intelligence agencies had already publicly declared in January that Russia was behind the supply chain compromise of US government federal agencies.

SolarWinds compromise

But now the US has pinpointed the attack on a specific Russian agency.

As a reminder, the hackers had inserted backdoor code into SolarWinds’ Orion platform in March 2020 (or possibly earlier according to one US senator) and used this to access the systems of multiple US federal agencies, as well as hundreds of private firms before the attack was discovered in December 2020.

Just before Christmas US Senator Ron Wyden revealed that dozens of email accounts at the US Treasury Department had been compromised.

A number of leading tech firms and security firms such as Microsoft and FireEye were also impacted. Microsoft for example admitted that the SolarWinds hackers actually accessed and viewed internal source code repositories.

Microsoft, like many others, had made internal use of the software used in the attack, SolarWinds’ Orion network management software.

Russia sanctions

The White House statement on Russia was paired with a series of sanctions against five Russian cybersecurity firms, which the Treasury Department said had been involved in supporting Russian cyber operations.

During a White House press briefing, US officials said that the US was carrying out it promise to tackle Russia over its use of a chemical weapon to poison Aleksey Navalny, as well as “executing responses to the cyber intrusion of SolarWinds and the interference in the 2020 election.”

“There will be elements of our responses to these actions that will remain unseen,” the US warned. “Our actions announced today constitute our public response, which we intend to be understood as resolute but proportionate.”

“On SolarWinds, we’re formerly naming the Russian Foreign Intelligence Service – the SVR – as the perpetrator of the broad-scope cyber espionage campaign that exploited the SolarWinds Orion platform and other information technology infrastructures,” the official stated.

The SVR unit is also known as APT29, Cozy Bear, the Dukes.

“Sanctions are one component of today’s response,” said the US official. “Today, President Biden signed a new sanctions executive order that provides strengthened authorities for the administration to respond to and deter Russia’s harmful foreign activities.”

Executive order

“Under the new EO (executive order), Treasury today has issued a directive that prohibits US financial institutions from participation in the primary market for ruble or non-ruble denominated bonds issued after 14 June 2021, by the Central Bank of the Russian Federation, the National Wealth Fund of Russia, or the Ministry of Finance,” the official said. “This directive provides authority for the US government to expand sovereign debt sanctions on Russia as appropriate.”

“Also under the new EO, Treasury has today designated six Russian companies that provide support to the SVR cyber program and other Russian intelligence agencies’ cyber programs, ranging from providing expertise, to developing tools and infrastructure, to facilitating malicious cyber activities,” the official said.

He added there are also elements within the executive order that the US is not exercising today, and that it “would prefer not to have to deploy these authorities, but the scope of the EO and it potential to cause meaningful impact should send a clear signal that continued harmful foreign activities – including further election interference, further malicious cyber activities – are unacceptable, and we are prepared, going forward, to impose substantial and lasting costs if this behaviour continues or escalates.”

Other US sanctions also announced today sees the US Treasury also sanctioned 32 entities and individuals carrying out Russian government-directed attempts to influence the 2020 US presidential election and to pursue other forms of disinformation and influence campaigns against partners, allies, and other governments.

The United States is also expelling 10 Russian officials from Russia’s Washington, DC, diplomatic mission.