Biden says Colonial Pipeline hackers based in Russia, but not government-backed

President Biden on Thursday confirmed that the cyber criminals involved in launching a ransomware attack that disrupted operations at Colonial Pipeline last week are likely based in Russia, though he said officials do not believe that the Russian government was involved. 

“We do not believe the Russian government was involved in this attack, but we do have strong reason to believe that the criminals who did the attack are living in Russia, that’s where it came from,” Biden said, citing findings from the FBI. 

“We have been in direct communication with Moscow about the imperative for responsible countries to take decisive action against ransomware networks,” he noted. “We are also going to pursue a measure to disrupt their ability to operate.”

Asked directly if he was confident Russian President Vladimir Putin was not involved, Biden emphasized that the FBI did not believe Putin was involved.

Biden said he would likely discuss the attack with Putin at some point.

“We are working to try to get to the place where we have an international standard that governments knowing that criminal activities are happening in their territory, that we all move on those criminal enterprises, and I expect that is one of the topics I will be talking about with President Putin,” Biden said. 

Biden’s comments came the day after Colonial Pipeline announced that it would resume operations after several days of being shut down due to an attack using what the FBI identified as the “DarkSide” ransomware variant.

The company, which provides 45 percent of the East Coast’s oil, shut down its operations in an effort to contain the attack to its IT network and not allow the hackers access to its operational technology.

Relations between the U.S. and Russia have grown tense over the last month following Biden’s decision to levy a sweeping array of sanctions on Russia in retaliation for both the SolarWinds hack and interference in U.S. elections.

Intelligence officials concluded earlier this year that Russian government-backed hackers were behind the SolarWinds attack, which involved the hackers exploiting vulnerabilities in software updates from IT group SolarWinds to compromise nine federal agencies and over 100 private sector groups. 

Russia is known as one of the greatest threats to the U.S. in cyberspace, and U.S. officials previously concluded the nation was behind hacking and disinformation efforts in the lead up to the 2016 U.S. elections.

The Biden administration has been forced by the Colonial Pipeline and SolarWinds attacks, among other escalating cyber threats, to take immediate action to strengthen federal cybersecurity.

As part of this, Biden signed an executive order Wednesday night to take a range of actions to make it more difficult for hackers to successfully compromise federal agencies. The order requires the establishment of baseline security standards for all software sold to the government, and that IT groups doing business with the federal government report breaches. 

Additionally, the administration launched a 100-day initiative in April to secure the electric sector against cyberattacks, with initiatives also planned to secure other critical sectors including the oil and gas industry.

“Private entities are in charge of their own cybersecurity,” Biden said Thursday. “We know what they need, they need greater private sector investment in cybersecurity.”

To further promote cybersecurity, Biden called on the Senate to vote on and approve the nominations of former National Security Agency Deputy Director Chris Inglis to serve as national cyber director at the White House, and of Jen Easterly to serve as the director of the Cybersecurity and Infrastructure Security Agency. 

Additionally, he stressed the importance of passing his infrastructure package to strengthen critical systems against attacks, and for Congress to take action to help the private sector defend itself. 

“I cannot dictate that the private companies do certain things relative to cybersecurity,” Biden said. “I think it’s becoming clear to everyone that we have to do more than is being done now, and the federal government can be significant value-added in having that happen.”