Sun starts to set on SolarWinds attack as White House scales back efforts

Microsoft Server Bath (Image credit: Microsoft)

What you need to know

Coordinated efforts by several U.S. agencies to combat the SolarWinds hack will be scaled back.
The government will return to using "standard incident management procedures" going forward.
The White House plans to work with Congress, the private sector, and global partners to respond to similar attacks in the future.

The U.S. government will scale back its efforts to combat the SolarWinds hack. The government has utilized two unified coordination groups (UCGs) to respond to the hack and will return to using "standard incident management procedures" going forward. The groups are made up of the FBI, the NSA, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency (CISA).

A senior administration official of the Biden administration announced that the administration is "standing down" coordinated efforts by the agencies.

"Due to the vastly increased patching and reduction in victims, we are standing down the current UCG surge efforts and will be handling further responses through standard incident management procedures," said deputy national security advisor for cyber and emerging technology Anne Neuberger in a statement (via The Hill).

At least nine federal agencies and 100 private sector groups were compromised as part of the SolarWinds hack. Vulnerabilities in Microsoft's Exchange server technology played a major role in the hack, which the coordinated groups responded to.

"While this will not be the last major incident, the SolarWinds and Microsoft Exchange UCGs highlight the priority and focus the Administration places on cybersecurity, and at improving incident response for both the U.S. government and the private sector," said Neuberger.

The SolarWinds hack created serious security vulnerabilities across a range of organizations and sectors. Neuberger said that the white House will work with Congress, global partners, and the private sector to "build back better in new and innovative ways, to modernize our cyber defenses and enhance the nation's ability to quickly and effectively respond to significant cybersecurity incidents."

The SolarWinds hack was formally attributed to Russia by the Biden administration. The administration also announced several sanctions against Russia in response to the hack (via The Hill).

While Microsoft took several steps to address vulnerabilities utilized by the hack, many organizations remained vulnerable. Mitigation tools and patches were sent out, but some organizations did not have the knowledge or ability to remove remaining web shells left as part of the hack. In a rare move, the FBI received a warrant and actively removed malicious code from computers to help combat the attack (via NBC).

Sean Endicott is a news writer and apps editor for Windows Central with 11+ years of experience. A Nottingham Trent journalism graduate, Sean has covered the industry’s arc from the Lumia era to the launch of Windows 11 and generative AI. Having started at Thrifter, he uses his expertise in price tracking to help readers find genuine hardware value.

Beyond tech news, Sean is a UK sports media pioneer. In 2017, he became one of the first to stream via smartphone and is an expert in AP Capture systems. A tech-forward coach, he was named 2024 BAFA Youth Coach of the Year. He is focused on using technology—from AI to Clipchamp—to gain a practical edge.