Us? Pwn SolarWinds? With our reputation? Russian spy chief makes laughable denial of supply chain attack

Hint: He doesn't care if you personally think it's rubbish, and here's why

A Russian spymaster has denied that his agency carried out the infamous SolarWinds supply chain attack in a public relations move worthy of the Internet Research Agency.

Sergei Naryshkin, head of the SVR spy agency, made his denial in a BBC interview broadcast on Tuesday.

"I'd be flattered to hear such an assessment of the work of the Foreign Intelligence service which I run. Such a high evaluation," said the spymaster in remarks translated by the BBC. The SolarWinds supply chain attack saw US and UK government institutions probed by Russian spies, as well as FireEye – itself a major US cybersecurity contractor.

"But I don't have the right to claim the creative achievements of others as my own," continued the SVR chief. As for whodunnit, he was less equivocal. When asked who carried out the SolarWinds attack, Naryshkin had an answer: the US and Britain.

After all, what proof was there that he and his spy agency were to blame? "There is none – at least, none that has been made public. Have you seen proof?" he asked his BBC interviewer, who maintained a poker face.

"No, neither have I," said the spymaster. "At the same time we looked into who might be behind all of this."

Naryshkin then read aloud from a typed document, prepared with a noticeably large font size, and claimed that the Snowden revelations "proved" the US and UK were to blame because American spies deliberately weakened a default random number generation algorithm used in RSA products about a decade ago.

Divide and conquer

Nonetheless, the SVR chief's move is not without precedent. Before the fall of the Berlin Wall, Soviet Russia was well practised in two disciplines of military thought known as dezinformatsiya and maskirovka. Neither term translates well into English but one was about spreading false information among its enemies for political or socially disruptive gains and the other focused on battlefield deception.

These two broad concepts were briefly combined by policy wonks in the free world into something (misleadingly) called the Gerasimov Doctrine in the early 2010s, a term the US academic who coined it now hates – while grudgingly conceding that the spreading of disinformation in an effort to break down the West's trust in state institutions is Russia's aim in itself, even if the whole idea wasn't plucked out of thin air by one general as the term suggests.

As Stanford Internet Observatory's research manager Renee DiResta explained at last year's Black Hat conference: "Russia simply wants to divide people along existing social fissures, so they only have to reaffirm what their targets already believe."

"Russians are not trying to tell a story," explained DiResta in her 2020 talk. "They are simply dividing the population of the adversary."

So Sergei Naryshkin sat in front of the BBC's cameras and declared that the SVR didn't carry out the SolarWinds attacks, despite clear evidence presented by the global cybersecurity industry and the US and UK governments. It's not about making a truthful statement; it's about making the West doubt itself.

Not only the West: Russian-headquartered Kaspersky Lab made tentative findings after the SolarWinds attack that the Turla malware crew, which is thought to have links to SVR sister agency the FSB, might have been involved. On top of that, FireEye itself made public some of the Russian cyber unit's tactics, techniques, and procedures, a move echoed post-attribution by the UK's National Cyber Security Centre. ®
