US intelligence agencies have said they believe the “serious” cyber compromise, revealed in December, had “likely originated in Russia.” In a joint statement on January 5, a task force called the Cyber Unified Coordination Group (UCG) stressed that the attack is believed to be an "intelligence gathering" attempt rather than cyber warfare, as touted by multiple lawmakers including President Donald Trump. The cyber-attack, which attempted to sabotage online privacy and information, has affected fewer than ten US government agencies along with several other organisations outside government.
In their collective report, the UCG, which was set up to deal with the attack, stated that the Advanced Persistent Threat (APT) actor responsible was “likely Russian in origin”. Consisting of the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA), the committee said that they were “still working” to understand the scope of the online attack. Their latest finding was lauded by Sen. Mark Warner, the top Democrat on the Senate Intelligence Committee, who said that he desired to see “more such concrete steps.”
"This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks. At this time, we believe this was, and continues to be, an intelligence gathering effort. We are taking all necessary steps to understand the full scope of this campaign and respond accordingly," an excerpt from the statement read.
Previously, the American intelligence committee revealed that the hacking attempts were initially made in March 2019, when an updated IT network management tool called Orion was compromised. As per reports, thousands of people across American territory installed this compromised tool, many of whom worked in important US federal agencies. Out of these, 40 were chosen for further exploitation, including the US Treasury and Department of Commerce, where emails are thought to have been read, and the National Telecommunications and Information Administration.