The UK government has for the first time today exposed details of the SVR’s cyber program
The SVR is Russia’s civilian foreign intelligence service and is the successor organization to the KGB’s First Chief Directorate. It predominantly targets overseas governmental, diplomatic, think-tank, healthcare and energy targets for intelligence purposes. It is technologically advanced, developing capabilities to try to operate undetected against countries in Europe, NATO members and its near neighbours.
“We learned in December 2020 that a highly skilled cyber-actor compromised the networks of thousands of SolarWinds customers, including over a hundred Canadian entities, by installing malware through program updates. This allowed the actor to target a smaller subset of those victims with additional malware for cyber-espionage purposes. This compromise has forced third parties to conduct costly mitigation activities and may have undermined public confidence in downloading software updates. Marc Garneau, Canada’s Minister of Foreign Affairs
A compromise of SolarWinds IT services firm was discovered in December 2020. SolarWinds confirmed 18,000 organizations across the world including US Government departments were affected. The overall impact on the UK of the SVR’s exploitation of this software is low. National Cyber Security Centre (NCSC) advice on how to protect against this threat is available
The NCSC has assessed that it is highly likely Russia’s Foreign Intelligence Services are responsible for the compromise of SolarWinds software, Orion, and subsequent targeting.