
America expels 10 Russian diplomats over SolarWinds attack


The U.S. Department of the Treasury has imposed sweeping sanctions against Russia for “undermining the conduct of free and fair elections and democratic institutions”.

It is the ultimate cyber espionage tale for the modern day: the biggest cyber security incident in recent memory potentially being the work of a foreign power. And yet, for all its Bond-esque connotations, the truth is that some level of foreign involvement was most likely present in the SolarWinds attack that took place late last year.

The United States and United Kingdom last week formally attributed the supply chain attack on IT infrastructure management company SolarWinds with “high confidence” to government operatives working for Russia’s Foreign Intelligence Service (SVR).

The U.K. government said in a statement:

Russia’s pattern of malign behaviour around the world – whether in cyberspace, in election interference or in the aggressive operations of their intelligence services – demonstrates that Russia remains the most acute threat to the U.K.’s national and collective security.

The U.S. Department of the Treasury has imposed sweeping sanctions against Russia for “undermining the conduct of free and fair elections and democratic institutions” in the U.S. and for its role in facilitating the sprawling SolarWinds hack, while also barring six technology companies in the country that provide support to the cyber program run by Russian intelligence services.

The companies include:

  • ERA Technopolis
  • Pasit
  • Federal State Autonomous Scientific Establishment Scientific Research Institute Specialized Security Computing Devices and Automation (SVA)
  • Neobit
  • Advanced System Technology
  • Pozitiv Teknolodzhiz (Positive Technologies)

The last three of these are IT security firms whose customers are said to include key Russian government bodies, among them the Russian Ministry of Defense, the SVR and the Federal Security Service (FSB).

In addition, the Biden administration is expelling ten members of Russia’s diplomatic mission in Washington, D.C., including representatives of its intelligence services.

“The scope and scale of this compromise combined with Russia’s history of carrying out reckless and disruptive cyber operations makes it a national security concern,” the Treasury Department said. “The SVR has put at risk the global technology supply chain by allowing malware to be installed on the machines of tens of thousands of SolarWinds’ customers.”

For its part, Moscow previously denied involvement in the SolarWinds campaign, stating “it does not conduct offensive operations in the cyber domain.”

The intrusions came to light in December 2020, when FireEye and other cybersecurity firms revealed that the operators behind the espionage campaign had compromised the software build and code signing infrastructure of the SolarWinds Orion platform as early as October 2019 in order to deliver the Sunburst backdoor, with the goal of gathering sensitive information.

Up to 18,000 SolarWinds customers are believed to have received the trojanized Orion update. The attackers, however, carefully selected their targets, escalating the attack by deploying the Teardrop malware in only a handful of cases, based on initial reconnaissance of the target environment for high-value accounts and assets.

The threat actors’ compromise of the SolarWinds software supply chain is said to have given them the ability to remotely spy on, or potentially disrupt, more than 16,000 computer systems worldwide, according to the executive order issued by the U.S. government.

Besides infiltrating the networks of Microsoft, FireEye, Malwarebytes and Mimecast, the attackers are also said to have used SolarWinds as a stepping stone to breaching several U.S. agencies, including the National Aeronautics and Space Administration (NASA), the Federal Aviation Administration (FAA), the Departments of State, Justice, Commerce, Homeland Security, Energy and Treasury, and the National Institutes of Health.

U.K. Foreign Secretary Dominic Raab said:

We see what Russia is doing to undermine our democracies. The U.K. and U.S. are calling out Russia’s malicious behaviour, to enable our international partners and businesses at home to better defend and prepare themselves against this kind of action.

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.
