APT29, The Dukes, or Cozy Bear… Behind these nicknames given to a group of Russian hackers is said to lie the hand of the Sluzhba Vneshney Razvedki (SVR), the foreign intelligence service of the Russian Federation.
In a rare act of attribution, itself a genuinely political act, the Biden administration named the SVR as the malicious actor that exploited a security flaw in the US company SolarWinds to conduct cyber espionage.
"The American intelligence community has high confidence in the evaluation of this attribution to the SVR," wrote the White House in its official statement that day.
The United States has therefore announced financial sanctions against Vladimir Putin's country, and also against six Russian technology companies accused of supporting Moscow's intelligence hacking activities.
It is the first and most visible response to the massive 2020 cyberattack that used SolarWinds as its vector. The US software company's network monitoring product, Orion, was hacked to introduce a vulnerability among its users, including several US federal agencies and multinationals.
SolarWinds' supply chain was targeted with a backdoor, a hidden feature through which hackers were able to install malware and successfully complete their espionage operations.
The attack began in March 2020 and continued for months before being discovered in December by the computer security group FireEye, itself the victim of cyberattacks.
Microsoft President Brad Smith said at least 1,000 engineers participated in the operation, which was then described as "the most sophisticated attack we have ever seen so far."
A senior American official warned that part of the reprisals would remain "secret", suggesting the possibility of a "hack back", a computer counter-attack.
"Delusional," according to Russia
Blaming another state for a cyberattack or ransomware campaign is a balancing act, a last resort used when the evidence is compelling.
"Carrying out attribution is a political act, so as a civil servant, I do not play politics," explained, for example, Mathieu Feuillet, deputy deputy director of operations at ANSSI (National Agency for the Security of Information Systems), the cybersecurity watchdog.
“The European Union and its Member States express their solidarity with the United States in the face of the consequences of malicious cyber activities and in particular of the SolarWinds cyberattack,” EU Foreign Minister Josep Borrell said in a statement issued in Brussels.
The Russian Foreign Intelligence Services (SVR) described Washington's accusations as "delusional" in a statement.
“Behind the centuries-old glorious pages of Russian intelligence history lies not only the utmost professionalism but also the ability to work honestly for the good of our country!” responded the SVR's press service.
Moscow immediately retaliated, promising an "inevitable" response to US sanctions.