SolarWinds really represents a new normal for Russian intelligence

“SolarWinds really represents a new normal for Russian intelligence. If you look at what they were doing prior to SolarWinds, they were trying to be very noisy when they were breaking in and being detected very, very quickly,” Dmitri Alperovitch, executive chairman, Silverado Policy Accelerator, said in a Feb. 10 hearing before the House Committee on Homeland Security. “I believe that they reevaluated post their original compromises of the White House, State Department and the Joint Chiefs of Staff back in 2014 and 2015 and realized that the supply chain vector — being able to compromise these high-risk software like SolarWinds and using that to gain access to high value networks is really the way to go if you want to have long term access to these networks and remain undetected for months if not years.”

Other cybersecurity experts have noted changes in Russia’s tradecraft throughout the last decade. Kevin Mandia, CEO at cybersecurity firm FireEye, has said if Russian hackers were caught in U.S. networks a decade ago, they would leave to prevent any observation of their behavior. This changed around 2014-2015 when, if caught, they would persist on the network even though they knew they were being watched.

Alperovitch, who co-founded CrowdStrike and left in 2020, has followed Russian intelligence and cyber activities for years. He indicated the country’s efforts in cyberspace mirror its activities in human intelligence, sending spies to implant themselves in society over decades to steal secrets.

China discovered several years back that it can hack contractors working on sensitive Department of Defense and national security programs to steal information and intellectual property, and even use the information to build similar systems such as its J-31, which closely resembles the F-35.

Anne Neuberger, a senior official at the White House National Security Council, has been in the position since President Biden took office, but administration officials didn’t make her appointment public until Wednesday. She has been leading the handling of the hack fallout since day one of the Biden administration, said Emily Horne, an NSC spokeswoman. Officials didn’t say why Ms. Neuberger’s role leading the response wasn’t disclosed sooner.

Ms. Neuberger is focused on directing federal agencies compromised in the hack toward specific remediation solutions and identifying issues in how the government has responded. She has also worked with the private sector on addressing the attack, which may include “potential executive actions underway,” Ms. Horne said, though she didn’t elaborate. Ms. Neuberger is also focused on launching a study of the SolarWinds breach to learn lessons and to prevent such incidents in the future, Ms. Horne said.