The U.S. government will scale back its efforts to combat the SolarWinds hack. The government has utilized two unified coordination groups (UCGs) to respond to the hack and will return to using “standard incident management procedures” going forward. The groups are made up of the FBI, the NSA, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency (CISA).
A senior Biden administration official announced that the administration is “standing down” the coordinated efforts by these agencies.
“Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures,” said deputy national security advisor for cyber and emerging technology Anne Neuberger in a statement (via The Hill).
At least nine federal agencies and 100 private sector groups were compromised as part of the SolarWinds hack. Vulnerabilities in Microsoft’s Exchange server technology played a major role in the hack, to which the coordinated groups responded.
“While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector,” said Neuberger.
The SolarWinds hack created serious security vulnerabilities across a range of organizations and sectors. Neuberger said that the White House will work with Congress, global partners, and the private sector to “build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation’s ability to quickly and effectively respond to significant cybersecurity incidents.”
The SolarWinds hack was formally attributed to Russia by the Biden administration. The administration also announced several sanctions against Russia in response to the hack (via The Hill).
While Microsoft took several steps to address the vulnerabilities exploited in the hack, many organizations remained vulnerable. Mitigation tools and patches were sent out, but some organizations did not have the knowledge or ability to remove the web shells left behind as part of the hack. In a rare move, the FBI obtained a warrant and actively removed malicious code from affected computers to help combat the attack (via NBC).