# Russia: UK exposes Russian involvement in SolarWinds cyber compromise **[gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise](https://www.gov.uk/government/news/russia-uk-exposes-russian-involvement-in-solarwinds-cyber-compromise)** Foreign, Commonwealth & Development Office We use some essential cookies to make this website work. We’d like to set additional cookies to understand how you use GOV.UK, remember your settings and improve government services. We also use cookies set by other sites to help us deliver content from their services. The SVR is Russia’s civilian foreign intelligence service and is the successor organization to the KGB’s First Chief Directorate. It predominantly targets overseas governmental, diplomatic, think-tank, healthcare and energy targets for intelligence purposes. It is technologically advanced, developing capabilities to try to operate undetected against countries in Europe, NATO members and its near neighbours. A compromise of SolarWinds IT services firm was discovered in December 2020. SolarWinds confirmed 18,000 organisations across the world including US Government departments were affected. The overall impact on the UK of the SVR’s exploitation of this software is low. National Cyber Security Centre (NCSC) advice on how to protect against this threat is [available](https://www.ncsc.gov.uk/guidance/dealing-with-the-solarwinds-orion-compromise) The NCSC has assessed that it is highly likely Russia’s Foreign Intelligence Services are responsible for the compromise of SolarWinds software, Orion, and subsequent targeting. Further details on the framework used by the UK Government for all source intelligence [assessments, including the probability yardstick, are available from here](https://files.civilservicejobs.service.gov.uk/admin/fairs/apptrack/download.cgi?SID=b3duZXI9NTA3MDAwMCZvd25lcnR5cGU9ZmFpciZkb2NfdHlwZT12YWMmZG9jX2lkPTc4NjA0NiZ2ZXJpZnk9Yjg4MDZhNmVmZjA4ZTYxYWFkMDViY2YzMGYxZTRkNjU=) SVR cyber actors are known and tracked in open source as: APT29 Cozy Bear The Dukes. This incident is part of a pattern of behaviour by the SVR, which includes: **Date** **Incident** **Description** Ongoing since at least 2011 Ongoing since at least 2015 MFAs and MoD establishments in Europe and NATO member countries Targeting research institutes and think tanks. The SVR uses their access to governmental networks across Europe and NATO member countries to collect intelligence information, including that of ongoing geopolitical issues. The SVR targeted research institutes and think tanks for intelligence collection. ----- **Date** **Incident** **Description** 2020 SolarWinds 18,000 organisations across the world including US Government departments’ were affected by the SVR compromising Solar Winds Orion software. The UK government has previously exposed details of other parts of the Russia intelligence service conducting cyber operations. With the information provided today, the UK government has exposed the following parts of the Russian cyber programme: **Russian Intelligence Services Cyber Structures** ## Russian Intelligence Services Cyber Structures JPEG, 76.4 KB This file may not be suitable for users of assistive technology. Request an accessible format. If you use assistive technology (such as a screen reader) and need a version of this [document in a more accessible format, please email fcdo.correspondence@fcdo.gov.uk.](http://10.10.0.46/mailto:fcdo.correspondence@fcdo.gov.uk?body=Details%20of%20document%20required%3A%0A%0A%20%20Title%3A%20Russian%20Intelligence%20Services%20Cyber%20Structures%0A%20%20Original%20format%3A%20jpg%0A%0APlease%20tell%20us%3A%0A%0A%20%201.%20What%20makes%20this%20format%20unsuitable%20for%20you%3F%0A%20%202.%20What%20format%20you%20would%20prefer%3F%0A%20%20%20%20%20%20&subject=Request%20for%20%27Russian%20Intelligence%20Services%20Cyber%20Structures%27%20in%20an%20alternative%20format) Please tell us what format you need. It will help us if you say what assistive technology you use. Press release The UK government has for the first time today exposed details of the SVR’s cyber programme. Published 15 April 2021 -----