
FireEye hedges on naming Russians as SolarWinds attackers

FireEye has not seen enough evidence to positively trace the hackers behind the ongoing SolarWinds Orion hack to Russian entities, a company executive said.

"We don't have sufficient evidence to support naming a specific sponsor," said Benjamin Reed, the cybersecurity company's director of threat intelligence.

Reed acknowledged that the federal government recently said the hackers are "likely Russian in origin," but FireEye has been calling the threat group UNC2452, with the UNC referring to “uncategorized.”

The notion that the attackers are likely Russian is "plausible from what we've seen," Reed said during a webinar this week. He added that Russian groups have been observed using the sophisticated methods being discovered by public and private investigators probing how UNC2452 managed to both breach and remain undetected on countless networks for months.

FireEye is credited as the first to detect an intrusion in SolarWinds Orion, an IT management software product. Although FireEye is not attributing the attack to Russia yet, Reed said the company has also not seen any evidence pointing to another country.

Gregory Touhill, the federal government's first chief information security officer and a retired Air Force brigadier general, said FireEye's reluctance to attribute the attack to Russia is likely a matter of due diligence.

"When it comes to attribution, what the intelligence and law enforcement community has to do is … literally trace it all the way back to the root," he said. FireEye has to gather evidence that "will hold up in court. That's the realm that [FireEye] and others are dealing with. Those who don't have to prove it in court can say whatever they want."

This article was first posted to FCW, a sibling site to GCN.

About the Author

Justin Katz is a former staff writer at FCW.

