WASHINGTON -- President-elect Joe Biden on December 17 called a recent, large-scale, and ongoing cyberattack against U.S. government agencies and companies a “great concern” and promised to impose “substantial costs” on the perpetrators.
The Department of Homeland Security, the Treasury Department, and the Commerce Department were among those targeted in the massive attack, according to media reports, quoting unidentified officials with knowledge of the cyberattack.
Hackers working on behalf of a foreign government undertook the attack, which began months ago but was only recently discovered.
“We need to disrupt and deter our adversaries from undertaking significant cyberattacks in the first place,” Biden said in a statement on December 17. “We will do that by, among other things, imposing substantial costs on those responsible for such malicious attacks, including in coordination with our allies and partners.”
Senator Dick Durbin (Democrat-Illinois), following a briefing by U.S. intelligence agencies on December 16, blamed the attack on Russia.
The Russian Embassy in Washington has denied any involvement, saying in a statement on December 14 that Russia “does not conduct offensive operations in the cyber domain.”
Biden said his incoming administration is working with the government agencies impacted to learn all it can about the attack.
“There’s a lot we don’t yet know, but what we do know is a matter of great concern,” he said.
The president-elect, who will be inaugurated on January 20, reiterated that he would make cybersecurity and resolving the current attack a top priority in his administration.
He also promised to increase investment in cyberdefense alongside beefing up deterrence.
The technology company SolarWinds has said up to 18,000 of its customers downloaded a compromised update of its network-management software that allowed hackers to spy unnoticed for almost nine months.
It said hackers from an "outside nation state" inserted malicious code into the update, which was issued between March and June this year.
Customers of the little-known software company based in Texas include national governments and major corporations.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered federal agencies to stop using products made by SolarWinds.
The Pentagon said it had so far found “no evidence of compromise” on its classified and unclassified networks from the “evolving cyber incident.”