Cybersecurity

White House says cyberattack on meat producer JBS likely from Russia

The White House said Tuesday that a cyberattack on major meat producer JBS USA this week likely originated from Russia, saying it is engaging with Moscow to hold accountable the hackers believed to be responsible for the attack.

“JBS notified the administration that the ransom demand came from a criminal organization, likely based in Russia,” White House principal deputy press secretary Karine Jean-Pierre told reporters Tuesday aboard Air Force One.

“The White House is engaging directly with the Russian government on this matter, and delivering the message that responsible states do not harbor ransomware criminals,” she added.

Jean-Pierre noted that JBS USA, which is the nation’s top beef producer, had notified the White House on Sunday that they had been hit by a ransomware attack, the same type of attack recently used by a Russian-based cyber criminal group that forced Colonial Pipeline to shut down systems for a week.

JBS said in a statement Monday that servers in North America and Australia had been impacted by the attack, and that some customer transactions may be delayed. The company has not publicly commented on the hackers responsible for the attack.

Jean-Pierre stressed that the engagement with the Russian government was part of a wider response from the Biden administration following the attack on JBS. The FBI is investigating the attack, with the Cybersecurity and Infrastructure Security Agency (CISA) providing technical support.

“The White House has offered assistance to JBS, and our team and the Department of Agriculture have spoken to their leadership several times in the last day,” Jean-Pierre told reporters, adding that the Agriculture Department had reached out to warn other major meat producers. 

“We’re assessing any impacts on supply, and the president has directed the administration to determine what we can do to mitigate any impacts as they may become necessary,” Jean-Pierre said. 

She pointed to President Biden’s focus on cybersecurity, specifically his recently signed executive order that directed a range of actions to shore up federal cybersecurity. The order was signed within a week of the attack on Colonial Pipeline, which led to shortages throughout several states for days, but the order had been planned since early in the administration following other major cyberattacks. 

These incidents included the SolarWinds hack, which allowed Russian government-backed hackers to compromise nine federal agencies and more than 100 private sector groups for around a year, and the vulnerabilities on Microsoft’s Exchange Server, which were exploited by Chinese hackers to potentially compromise thousands of groups. 

Last week, Microsoft assessed that the same Russian hackers behind the SolarWinds incident had used an email marketing application used by the U.S. Agency for International Development to send malicious phishing emails to more than 100 organizations. 

The escalating attacks come as Biden is preparing to meet with Russian President Vladimir Putin later this month in Switzerland to discuss a range of issues. Jean-Pierre stressed Tuesday that the summit would go forward despite the attacks.

“There is no substitute for leader-to-leader engagement, particularly for complex relationships, so it is important for President Biden to sit down with President Putin face-to-face to be clear about where we are, to understand where he is, to try to manage differences and to identify areas where we can make progress,” Jean-Pierre said.