US plans mix of 'seen and unseen' actions against Russia over SolarWinds attacks

Cyber offensive, which could start later this month, intended to send a signal to the Kremlin

The US government is preparing to conduct offensive cyber attacks against Russia within weeks, after concluding that Russia was likely involved in the widespread SolarWinds Orion attacks that affected many government agencies and private firms.

Citing unnamed government officials, the New York Times reported on Sunday that some kind of response could come before the end of the month.

The sources told the publication that the US government is expected to take actions that would be less evident to outsiders but would send a clear signal to Moscow.

"The first major move is expected over the next three weeks, with a series of clandestine actions across Russian networks that are intended to be evident to President Vladimir Putin and his intelligence services and military, but not to the wider world", the sources argued.

They added that the US could also impose more economic sanctions against Russia.

In coming days, President Biden is also likely to sign an executive order designed to make government networks more secure.

White House press secretary Jen Psaki also confirmed to CNBC that the government is preparing to take "a mix of actions seen and unseen" in response to attacks from Russia, although she did not provide details.

"We will not publicly discuss certain aspects of our response," Psaki said.

Russia has repeatedly rejected accusations that it had any involvement in cyber attacks against US federal agencies or corporate networks.

The SolarWinds hack was uncovered earlier this year, after security researchers found that attackers had infiltrated several US government agencies that used software from the network software vendor.

The attack affected several corporate networks as well. Microsoft said in January that the attackers were able to access some of Microsoft's source code, although they could not make any changes to it.

Earlier, networking equipment maker Cisco had confirmed that nearly two dozen computer systems used by Cisco researchers in the company lab were compromised through SolarWinds-related malware.

In January, security researchers at Kaspersky said that they had found clues suggesting a link between the SolarWinds attack and hacking tools used by the Russian Turla group in the past.

According to researchers, the source code for SunBurst, the malware used by SolarWinds hackers, overlapped with the Kazuar backdoor deployed by Turla to target various embassies and foreign ministers in Europe and across the world for sensitive data.

The Turla group, which is also known by the names Snake and Venomous Bear, has a long history of espionage-focused hacking. The group is associated with the FSB - a Russian intelligence service.

Meanwhile, the US cyber security agencies are also trying to deal with another state-sponsored attack, allegedly coming from China.

Earlier this month, Microsoft released security updates for four previously-unknown Exchange Server vulnerabilities and urged users to patch their systems as soon as possible. The company said that Chinese state-sponsored group 'Hafnium' was exploiting these bugs to compromise the networks of various organisations in the US.

At least 30,000 organisations across the United States have been compromised through these vulnerabilities, security researcher Brian Krebs claimed earlier this week. According to Krebs, attackers have seeded "hundreds of thousands" of organisations worldwide with "tools that give the attackers total remote control over affected systems".

Psaki said last week that the vulnerabilities "could have far-reaching impacts," and that the White House was concerned about the increasing number of victims.