Russia’s Foreign Intelligence Service has been blamed for the SolarWinds cyber attack.

The UK and US have revealed for the first time that Russia’s Foreign Intelligence Service (SVR) was behind a series of cyber intrusions, including the SolarWinds compromise.

The National Cyber Security Centre, a part of GCHQ, assesses that it is highly likely the SVR was responsible for gaining unauthorised access to SolarWinds Orion software and subsequent targeting. You can read from the source here.

The US National Security Agency (NSA), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the FBI have published a technical advisory with mitigation advice. Read the guidance in full.

The NCSC has previously published guidance for organisations on this compromise:

Foreign Secretary Dominic Raab said:

“We see what Russia is doing to undermine our democracies. The UK and US are calling out Russia’s malicious behaviour, to enable our international partners and businesses at home to better defend and prepare themselves against this kind of action. The UK will continue to work with allies to call out Russia’s malign behaviour where we see it.”

You can read the Foreign Secretary’s statement on this action in full here.

 

George has a degree in Cyber Security from Glasgow Caledonian University and has a keen interest in naval and cyber security matters and has appeared on national radio and television to discuss current events. George is on Twitter at @geoallison

21 Comments
farouk
2 years ago

It never fails to amaze me how complacent the UK is regards computer security. I fix people’s computers for a hobby and the number of people who refuse to pay for an AV package beggars belief, and that laissez-faire attitude is transferred across to business where swapping passwords is rife. Let’s not forget that a large number of ransomware hijacks at the NHS was because their security experts didn’t bother to upgrade their systems. I can remember before I left, having an argument with a Lt Col who demanded I give her my Dii passwords so she could check my mail…

Sean
2 years ago
Reply to  farouk

The problem at the NHS was that the security experts wanted to install the updates but were overruled by management as it would break their in-house applications. Although supposedly coded for ‘web-browsers’, the applications had been coded for specific versions of a highly non-standard web browser, Internet Explorer. That tied the applications to specific versions of IE and MS Windows. Any half-competent developer could have pointed this out, and presumably did. But as with the Challenger disaster, managers overruled the experts.

Jonathan
2 years ago
Reply to  Sean

The problem is always money, resource, complexity and chaos. 1) Money impacts on what you can do in year, so NHS IT is always a fix-it-today affair, and every £1500 pound spent on IT is a hip replacement not done (it costs about 10 times that at a private hospital) or 100 children not immunised. The money is everything and NHS managers always have to think, money spent on infrastructure is not money spent on patient care. 2) Resources: the NHS is made up of around 10 thousand independent organisations each with their own IT systems holding untold…

Ron5
2 years ago
Reply to  farouk

Good to know it was all the UK’s fault for Russia’s attack.

farouk
2 years ago
Reply to  Ron5

Ron wrote:

Good to know it was all the UK’s fault for Russia’s attack.

Need to push that to the back of the queue after the UK’s guilt with the following:
Global warming climate change
Slavery
Empire
Not taking in 30 year old children from France
WW2
Covid
Oppressing the alphabet people

Geoffrey Roach
2 years ago
Reply to  farouk

Upsetting Napoleon
Starting the Spanish Armada
The Inquisition
Norman firing arrows
Vikings raping and pillaging
Roman eating habits
Druids painting themselves blue
Killing the dinosaurs

My God... you’re right. Our crimes are endless. Why don’t you leave.

farouk
2 years ago
Reply to  Geoffrey Roach

GR wrote:
“My God... you’re right. Our crimes are endless. Why don’t you leave.”

Gee look at you,

Geoffrey Roach
2 years ago
Reply to  farouk

No sense of humour then.

farouk
2 years ago
Reply to  Geoffrey Roach

Richard Edward wrote:
“No sense of humour then.”
You replied to my post in a most condescending manner, which you ended with telling me to leave the country. Seeing as I have kept away from you since your previous vapid remarks, don’t try to excuse your surreptitious bigoted mindset as humour.

Jonathan
2 years ago
Reply to  Geoffrey Roach

Um Geoff, couple things, if you look at historic migration we are sort of Romano-Celtic, Anglo Saxon, Viking and Norman….so really the following is defo US

blue druids, Check
roman eating habits, check
viking raping and pillaging, check
Normans, check.

and we really really irritated Napoleon, I mean he really did not like the British, in fact he really hated us, not in a geopolitical sense, but in everything Britain was and stood for. It was noted by a number of contemporary sources that his hatred was “palpable” even before the peninsula war.

Nigel Collins
2 years ago
Reply to  farouk

It amazes me how they can gain access to even the most secure technology that you would have thought to be completely secure.

https://www.cnbc.com/2017/11/08/chinese-theft-of-sensitive-us-military-technology-still-huge-problem.html

farouk
2 years ago
Reply to  Nigel Collins

The current Government appears to be myopic regards the threat faced by China. For example, Huawei, which has very strong links to the Chinese government, was allowed to build the backbone to our computer network with the likes of BT using a lot of their stuff, yet the British Military (and I can only presume the civil service as well) use BT networks for their computer networks, this from a company banned from most western nations (add Romania the other day). Only yesterday it was revealed that Huawei had access to Dutch phone calls, but the UK feels that we have nothing…

Cymbeline
2 years ago
Reply to  farouk

Indeed, if you type into Google ‘cyber news’ and read the various daily updates of security breaches at various companies and government depots it’s frightening. I normally check them out daily and I’m pretty convinced if they really want to get into a system they will find a way. All you can do is practice good I.T. hygiene, make sure your updates are up to date, use a good AV, strong passwords, beware of anything out of the unusual. It’s all a bit of a mine field really but keep in mind most attempts will still be through dodgy links…

Cymbeline
2 years ago
Reply to  Cymbeline

https://www.theguardian.com/business/2021/apr/17/poppy-gustafsson-the-darktrace-tycoon-in-new-cybersecurity-era

I attach a link to a story about a UK company called Darktrace, they are going down an innovative route of AI. They are due to float on the stock exchange in the next few weeks and I’m of the opinion we will hear a lot more in the future about them, another UK success I hope.

Nigel Collins
2 years ago
Reply to  farouk

Cheers farouk, it’s no wonder how China is catching up with the West and we appear to be playing our part in letting them. Give it another five years and I can see us in real trouble as they will have solved their engine problems and no doubt have the information to do it! Not forgetting the numbers or the missiles. Thank god for small mercies like Radar 2! “A modified version of the J-20B entered mass production in June last year after Chengdu Aerospace Corporation (CAC), the developer of the J-20, set up a fourth production line in 2019. Each line…

Jonathan
2 years ago
Reply to  farouk

Unfortunately most people trust their colleagues and so work around the rules of expediency by sharing passwords, allowing them to use their account by staying logged in, accessing security doors, giving over keys, not fully checking drugs or blood products before they are administered, not checking work etc etc etc. What most people who do this forget is that: 1) Some people will not be honest and may be trying to defraud 2) some people are not very good at their jobs and make lots of errors 3) even highly competent individuals actually make plenty of errors 4) Some people…

Chris Jones
2 years ago
Reply to  farouk

Having worked in NHS IT security in the past I can only agree with you but I promise, there was no lack of desire on our part to improve things. We were often met with conflicting demands from management to make the system 100% secure whilst enabling old systems to soldier on because they didn’t have the money to develop new systems. When the money was made available, the organisation I worked for was very adept at spending the money on anything but IT security. Part of the issue is the huge number of antiquated systems that rely on old,…

Billythefish
2 years ago

I think the US is doing quite enough on its own to destroy its democracy to be honest.

dan
2 years ago

China hacks, etc., Western systems 100 times more than Russia yet China Joe doesn’t say a thing. Hmmm

dave12
2 years ago
Reply to  dan

And how do you know that fox news dan? You trumpski supporters really can’t drop your love for pootin can you lol.

Pete
2 years ago
Reply to  dan

If you’re going to be ideologically so far right that Hitler would be happy at least be consistent …last week you were advocating Biden was in bed with Putin ….lol