{"id":40478,"date":"2021-04-16T15:03:45","date_gmt":"2021-04-16T15:03:45","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/32205\/US-Government-Strikes-Back-At-Kremlin-For-SolarWinds-Hack-Campaign.html"},"modified":"2021-04-16T15:03:45","modified_gmt":"2021-04-16T15:03:45","slug":"us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/","title":{"rendered":"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign"},"content":{"rendered":"<figure class=\"intro-image intro-left\"><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/GettyImages-1135771498-2-800x450.jpg\" alt=\"US government strikes back at Kremlin for SolarWinds hack campaign\"><figcaption class=\"caption\">\n<div class=\"caption-credit\">Matt Anderson Photography\/Getty Images<\/div>\n<\/figcaption><\/figure>\n<p>US officials on Thursday formally blamed Russia for backing one of the worst espionage hacks in recent US history and imposed sanctions designed to mete out punishments for that and other recent actions.<\/p>\n<p>In a <a 
href=\"https:\/\/arstechnica.com\/tech-policy\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/nsa.gov\/News-Features\/Feature-Stories\/Article-View\/Article\/2573391\/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili\/\">joint advisory<\/a>, the National Security Agency, FBI, and Cybersecurity and Information Security Agency said that Russia\u2019s Foreign Intelligence Service, abbreviated as the SVR, carried out the <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/russian-hackers-hit-us-government-using-widespread-supply-chain-attack\/\">supply-chain attack<\/a> on customers of the network management software from Austin, Texas-based SolarWinds.<\/p>\n<p>The operation infected SolarWinds\u2019 software build and distribution system and used it to <a href=\"https:\/\/arstechnica.com\/gadgets\/2021\/03\/tens-of-thousands-of-us-organizations-hit-in-ongoing-microsoft-exchange-hack\/\">push backdoored updates<\/a> to about <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/18000-organizations-downloaded-backdoor-planted-by-cozy-bear-hackers\/\">18,000 customers<\/a>. The hackers then sent follow-up payloads to about 10 US federal agencies and about 100 private organizations. Besides the SolarWinds supply-chain attack, the hackers also used password guessing and other techniques to breach networks.<\/p>\n<p>After the massive operation came to light, Microsoft President Brad Smith called it an \u201c<a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/only-an-elite-few-solarwinds-hack-victims-received-follow-on-attacks\/\">act of recklessness<\/a>.\u201d In a call with reporters on Thursday, NSA Director of Cybersecurity Rob Joyce echoed the assessment that the operation went beyond established norms for government spying.<\/p>\n<p>\u201cWe observed absolutely espionage,\u201d Joyce said. 
\u201cBut what is concerning is from that platform, from the broad scale of availability of the access they achieved, there\u2019s the opportunity to do other things, and that\u2019s something we can\u2019t tolerate and that\u2019s why the US government is imposing costs and pushing back on these activities.\u201d<\/p>\n<p>Thursday\u2019s joint advisory said that the SVR-backed hackers are behind other recent campaigns targeting COVID-19 research facilities, both by infecting them with malware known as both <a href=\"https:\/\/www.ncsc.gov.uk\/files\/Advisory-APT29-targets-COVID-19-vaccine-development.pdf\">WellMess and WellMail<\/a> and by exploiting a <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks\/\">critical vulnerability in VMware software<\/a>.<\/p>\n<p>The advisory went on to say that the Russian intelligence service is continuing its campaign, in part by targeting networks that have yet to patch one of the five following critical vulnerabilities. Including the VMware flaw, they are:<\/p>\n<ul>\n<li>CVE-2018-13379 Fortinet FortiGate VPN<\/li>\n<li>CVE-2019-9670 Synacor Zimbra Collaboration Suite<\/li>\n<li>CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN<\/li>\n<li>CVE-2019-19781 Citrix Application Delivery Controller and Gateway<\/li>\n<li>CVE-2020-4006 VMware Workspace ONE Access<\/li>\n<\/ul>\n<p>\u201cMitigation against these vulnerabilities is critically important as US and allied networks are constantly scanned, targeted, and exploited by Russian state-sponsored cyber actors,\u201d the advisory stated. 
It went on to say that the \u201cNSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations.\u201d<\/p>\n<p>A representative of VPN provider Pulse noted that patches for CVE-2019-11510 were released in April 2019. &#8220;Customers who followed the instructions in a Pulse Secure security advisory issued at that time have properly protected their systems and mitigated the threat.&#8221; Fortinet in recent weeks has also pointed out it patched CVE-2018-13379 in May 2019. The makers of the other affected hardware and software have also issued fixes.<\/p>\n<figure class=\"image shortcode-img center full\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2021\/04\/cves-targeted-by-russia.jpg\" width=\"603\" height=\"780\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<p>The US Treasury Department, meanwhile, <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/jy0127\">imposed sanctions<\/a> to retaliate for what it said were \u201caggressive and harmful activities by the Government of the Russian Federation.\u201d The measures include new prohibitions on Russian sovereign debt and sanctions on six Russia-based firms that the Treasury Department said \u201csupported the Russian Intelligence Services\u2019 efforts to carry out malicious cyber activities against the United States.\u201d<\/p>\n<p>The firms are:<\/p>\n<ul>\n<li>ERA Technopolis, a research center operated by the Russian Ministry of Defense for transferring the personnel and expertise of the Russian technology sector to the development of technologies used by the country\u2019s military. 
ERA Technopolis supports Russia\u2019s Main Intelligence Directorate (GRU), a body responsible for offensive cyber and information operations.<\/li>\n<li>Pasit, a Russia-based information technology company that has conducted research and development supporting malicious cyber operations by the SVR.<\/li>\n<li>SVA, a Russian state-owned research institute specializing in advanced systems for information security located in that country. SVA has done research and development in support of the SVR\u2019s malicious cyber operations.<\/li>\n<li>Neobit, a Saint Petersburg, Russia-based IT security firm whose clients include the Russian Ministry of Defense, SVR, and Russia\u2019s Federal Security Service. Neobit conducted research and development in support of the cyber operations conducted by the FSB, GRU, and SVR.<\/li>\n<li>AST, a Russian IT security firm whose clients include the Russian Ministry of Defense, SVR, and FSB. AST provided technical support to cyber operations conducted by the FSB, GRU, and SVR.<\/li>\n<li>Positive Technologies, a Russian IT security firm that supports Russian Government clients, including the FSB. Positive Technologies provides computer network security solutions to Russian businesses, foreign governments, and international companies and hosts recruiting events for the FSB and GRU.<\/li>\n<\/ul>\n<p>\u201cThe reason they were called out is because they\u2019re an integral part and participant in the operation that the SVR executes,\u201d Joyce said of the six companies. 
\u201cOur hope is that by denying the SVR the support of those companies, we\u2019re impacting their ability to project some of this malicious activity around the world and especially into the US.\u201d<\/p>\n<p>Russian government officials have steadfastly denied any involvement in the SolarWinds campaign.<\/p>\n<p>Besides attributing the SolarWinds campaign to the Russian government, Thursday\u2019s release from the Treasury Department also said that the SVR was behind the August 2020 poisoning of Russian opposition leader Aleksey Navalny with a chemical weapon, the targeting of Russian journalists and others who openly criticize the Kremlin, and the theft of \u201cred team tools,\u201d which use exploits and other attack tools to mimic cyber attacks.<\/p>\n<p>The &#8220;red team tools&#8221; reference was likely related to the offensive tools taken from FireEye, the security firm that first identified the SolarWinds campaign after discovering its <a href=\"https:\/\/arstechnica.com\/information-technology\/2020\/12\/security-firm-fireeye-says-nation-state-hackers-stole-potent-attack-tools\/\">network had been breached<\/a>.<br \/>\nThe Treasury Department went on to say that the Russian government \u201ccultivates and co-opts criminal hackers\u201d to target US organizations. One group, known as Evil Corp., was <a href=\"https:\/\/home.treasury.gov\/news\/press-releases\/sm845\">sanctioned<\/a> in 2019. That same year, federal prosecutors <a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/12\/members-of-evil-corp-the-cybercrime-group-that-lived-in-luxury-are-indicted\/\">indicted the Evil Corp kingpin<\/a> Maksim V. 
Yakubets and posted a $5 million bounty for information that leads to his arrest or conviction.<\/p>\n<p>Although overshadowed by the sanctions and the formal attribution to Russia, the most important takeaway from Thursday\u2019s announcements is that the SVR campaign remains ongoing and is currently leveraging the exploits mentioned above. Researchers <a href=\"https:\/\/twitter.com\/bad_packets\/status\/1382738876817494019\">said on Thursday<\/a> that they\u2019re seeing Internet scanning that is intended to identify servers that have yet to patch the Fortinet vulnerability, which the company fixed in 2019. Scanning for the other vulnerabilities is also likely ongoing.<\/p>\n<div class=\"twitter-tweet\">\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">Mass scanning activity detected from 168.63.249.142 (\ud83c\uddf8\ud83c\uddec) targeting Fortinet VPN servers vulnerable to unauthenticated arbitrary file read (CVE-2018-13379) leading to disclosure of usernames and passwords in plaintext. 
<a href=\"https:\/\/twitter.com\/hashtag\/threatintel?src=hash&amp;ref_src=twsrc%5Etfw\">#threatintel<\/a> <a href=\"https:\/\/t.co\/heH9jxhmyS\">pic.twitter.com\/heH9jxhmyS<\/a><\/p>\n<p>\u2014 Bad Packets (@bad_packets) <a href=\"https:\/\/twitter.com\/bad_packets\/status\/1382738876817494019?ref_src=twsrc%5Etfw\">April 15, 2021<\/a><\/p><\/blockquote>\n<\/div>\n<p>People managing networks, particularly any that have yet to patch one of the five vulnerabilities, should read the <a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa20-352a\">latest CISA alert<\/a>, which provides extensive technical details about the ongoing hacking campaign and ways to detect and mitigate compromises.<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/32205\/US-Government-Strikes-Back-At-Kremlin-For-SolarWinds-Hack-Campaign.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":40479,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[9331],"class_list":["post-40478","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinegovernmentusarussiacyberwarspywarebackdoor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>US Government Strikes Back At Kremlin For SolarWinds Hack Campaign 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-04-16T15:03:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"450\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign\",\"datePublished\":\"2021-04-16T15:03:45+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/\"},\"wordCount\":1151,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg\",\"keywords\":[\"headline,government,usa,russia,cyberwar,spyware,backdoor\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/\",\"name\":\"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg\",\"datePublished\":\"2021-04-16T15:03:45+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/04\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg\",\"width\":800,\"height\":450},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.th
reatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,government,usa,russia,cyberwar,spyware,backdoor\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinegovernmentusarussiacyberwarspywarebackdoor\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/","og_locale":"en_US","og_type":"article","og_title":"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-04-16T15:03:45+00:00","og_image":[{"width":800,"height":450,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign","datePublished":"2021-04-16T15:03:45+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/"},"wordCount":1151,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg","keywords":["headline,government,usa,russia,cyberwar,spyware,backdoor"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/","url":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/","name":"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg","datePublished":"2021-04-16T15:03:45+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/04\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign.jpg","width":800,"height":450},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/us-government-strikes-back-at-kremlin-for-solarwinds-hack-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,government,usa,russia,cyberwar,spyware,backdoor","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinegovernmentusarussiacyberwarspywarebackdoor\/"
},{"@type":"ListItem","position":3,"name":"US Government Strikes Back At Kremlin For SolarWinds Hack Campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/
threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40478","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40478"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40478\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/40479"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40478"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40478"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40478"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}