Continuous Updates: Everything You Need to Know About the SolarWinds Attack


A global cyber espionage campaign has compromised the networks of many organizations around the world after the attackers managed to breach the systems of Texas-based IT management and monitoring solutions provider SolarWinds.


Specifically, the attackers compromised the build system for the company’s Orion monitoring product, which enabled them to deliver trojanized updates to the company’s customers for at least three months.


The attackers delivered malware to possibly thousands of organizations, including cybersecurity firm FireEye (which broke the news about the attack) and various U.S. government organizations.


Russian state-sponsored threat actors are suspected to be behind this supply chain attack, but Russia has denied the accusations.


CISA says it has evidence of additional initial access vectors, other than SolarWinds’ Orion platform, but the agency is still investigating and has not shared further information.


SecurityWeek is covering all the new information that emerges and here you can find a summary of all articles on this topic, as well as other useful resources. This article will be regularly updated with new information.


News Coverage


Hacked Networks Will Need to be Burned 'Down to the Ground' (12.19.20) - Experts say it’s going to take months to kick elite hackers widely believed to be Russian out of U.S. government networks. The only way to be sure a network is clean is “to burn it down to the ground and rebuild it,” expert Bruce Schneier said.


Pompeo Blames R ..
