U.S. cyberattacks against Russia may be underway in reprisal for SolarWinds hack, experts say

The U.S. will respond to the SolarWinds hack with "a mix of actions seen and unseen," White House Press Secretary Jen Psaki has said.
Depiction of a hacker
By Susan Katz Keating

A purported series of forthcoming U.S. cyberattacks against Russian government systems may already be underway in response to the SolarWinds computer data breach, according to security sources.

"The tech companies wanted this, the government wanted this, and Rubio asked for it," one security official told Just the News. "Maybe it's already in motion." 

The official made the comment in reference to multiple appeals for reprisal over the SolarWinds breach. Among those calling for counterstrikes were Senate Intelligence Committee ranking member Sen. Marco Rubio (R-FL), who said late last year that "America must retaliate, and not just with sanctions."

The SolarWinds attack last year came in the form of a secret virus that was unleashed through an ordinary-seeming computer system update. The virus spread for some nine months, and is believed to have infected files at the U.S. Departments of Justice, State, Treasury, Energy, and Commerce. 

In the wake of a recently revealed hack against the Microsoft Exchange Server, the White House on Monday confirmed reports that the U.S. plans to retaliate for the breach on American systems.

"We will be responding to the SolarWinds hack with a mix of actions seen and unseen," White House press secretary Jen Psaki said in a statement to CNBC, published Mar. 8. "We will not publicly discuss certain aspects of our response."

Psaki's statement followed a weekend report in the New York Times that within the next three weeks, the U.S. would launch "a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir V. Putin and his intelligence services and military but not to the wider world."

Russia's state-run news agency, Tass, immediately picked up the report and recapped for readers what led to the ominous warning from unnamed American officials.

"US intelligence claims Russia is behind the cyberattack on SolarWinds' software," Tass wrote in a Mar. 8 article. "In March 2020, hackers managed to upload a virus into the Orion update, which was then downloaded and used by thousands of the company's customers, including U.S. government agencies and more than 400 of the largest US enterprises."

The Kremlin insisted on Monday that Moscow didn't do it.

"Russian representatives at the highest level categorically rejected Washington's version of Moscow's involvement in the attack," the Russian government wrote.

But the threats and protests of innocence may be moot by now, according to U.S. officials who spoke to Just the News.

"We may have started the response already," one security official said. "We have the capacity to send a very strong cyber message, and you will find that a lot of our cyber people believe we have begun to do so, in response to SolarWinds."

The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA), meanwhile, on Monday warned organizations to take action against a recently discovered breach of the Microsoft Exchange. 

"Is your organization using Microsoft Exchange on-Premises products?" CISA wrote in a Mar. 8 tweet. "Make sure to immediately apply the recent Microsoft patches." The tweet followed an emergency directive last week requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to disconnect those products until they installed a patch from Microsoft. 

Microsoft has linked the breach to hackers working for the People's Republic of China. The FBI has said that it is investigating the attack.

The White House did not immediately respond to Just the News.

The Senate last month held hearings as it sought to understand how hackers broke into SolarWinds and major American computer networks and lurked undetected for months.