Robert M. Lee, a former NSA hacker and the founder and chief executive of Dragos, told the CyberWire podcast that FireEye had made it clear that a new group was to blame for the widespread intrusion that has seen growing alarm within the US Government over the extent of infiltration.
"Originally, people came out and attributed this to Russia and APT29, but FireEye was very explicit that it's not APT29. It's a new group they are tracking," he said.
NEC's Kudlow just spoke to reporters, per pool report. — Eric Geller (@ericgeller) December 18, 2020
On SolarWinds, he said, "I don’t know totally who’s responsible. People are saying Russia. I don’t know that. It could be other countries. I just don’t know."
He said he wasn't an expert & referenced "the cyberspace boys."
"We have seen some people, senators and the like, come out and say it's Russia, but we don't know at this point, it's too early in the game."
Lee, whose company focuses on security of industrial control systems, said companies that concentrated on firewalls and anti-virus software would not have the necessary logs to know they had been compromised. This meant they could be open to the attackers for a long time and that was a fairly frightening scenario.
The attack came to light this month soon after cyber security firm FireEye announced on 9 December AEDT that it had been compromised and had its Red Team tools stolen. However, the company made no mention of when it had noticed this breach.
Five days later, the firm issued details about attacks using malware it called SUNBURST, which it said had been used to hit both private and public entities through the Orion network management software, a SolarWinds product.
A number of US Government departments — Homeland Security and Treasury among them — have been named as being affected. FireEye, too, appears to have been a victim. The Orion software has very wide usage in the US and also in Britain.
The attribution of the attacks to Russia has been made by only one publication, the Washington Post, with the individual who wrote the report, Ellen Nakashima, being the same person who started the now-discarded theory that Russia was responsible for email leaks to WikiLeaks during the 2016 presidential election.
No US Government agency or private security firm has made any attribution, apart from stating the obvious, that the attacks were very well crafted and had to be by a well-resourced outfit.
Lee said it was not reasonable to expect the government to be the security guarantor for private firms and that the latter had to look after themselves.
He was scathing about companies that offered so-called magic AI solutions that were claimed to be the ultimate preventive, adding that he did not want to hear even one mention of bastardised implementations of the intrusion detection software Snort being sold by this vendor or that.