Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign.

The SolarWinds Supply Chain Attack

In mid-December 2020, the security community learned that an advanced persistent threat (APT) had targeted SolarWinds’ Orion network management software with a backdoor. Tripwire VERT
warned that those responsible for the attack campaign could use the backdoor to compromise a network and move laterally in order to ultimately exfiltrate sensitive information.

The U.S. Cybersecurity and Infrastructure Security Agency
(CISA) subsequently ordered Federal Civilian Executive Branch agencies to disconnect their Orion software from their networks until it provided them with guidance about patches sometime in the future. Even so, plenty of federal departments confirmed a compromise in the weeks and months that followed. Those entities included the Pentagon, the Department of Homeland Security, the Department of State, the National Institute of Health, the Department of Justice, the National Nuclear Security Administration, NSA and the Federal Aviation Administration (FAA).

The HAFNIUM Exchange Exploit Campaign

Not long after SolarWinds disclosed the supply chain attack, Microsoft
warned of a threat actor called “HAFNIUM” exploiting four vulnerabilities in its Exchange Server software in an effort to steal data from vulnerable organizations. The tech firm said in its security advisory that it briefed U.S. government agencies about HAFNIUM’s ongoing attack campaign. In response, CISA released another emergenc ..