Global Campaign Uses Sunburst Malware to Target Government Agencies Worldwide

Recently, FireEye researchers disclosed that a widespread global campaign has been affecting public and private organizations around the world.

What was discovered


The campaign has targeted government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East via software supply chain attacks. The targets include multiple federal government agencies, among them the U.S. Treasury and Commerce departments.


With meticulous planning and manual interaction, the attack operators have surreptitiously tainted the Orion update versions, released by software provider SolarWinds, with malware.
According to the researchers, the various attacks in this campaign share certain common elements, such as a light malware footprint, prioritization of stealth, high OPSEC, and more. The attackers have shown all the signs of a state-backed threat actor.
The malware used in this campaign was named Sunburst (by FireEye) and Solorigate (by Microsoft).
Similarly, the associated threat actor was named UNC2452 (by FireEye), while the Washington Post linked the intrusion to the Russia-based hacking group APT29.

The after effect


According to Reuters, the seriousness of the hack has led to a rare National Security Council meeting at the White House, and CISA and the FBI were asked to investigate.
In addition, CISA has published an emergency directive with instructions to mitigate ..
