Supply Chain Attack: CISA Warns of New Initial Attack Vectors Posing 'Grave Risk'

U.S. Agency Says SolarWinds Orion Supply Chain Compromise is Not the Only Initial Infection Vector Leveraged by APT Actor 


The U.S. government on Thursday added a new wrinkle to the global emergency response to the SolarWinds software supply chain attack, warning there are “additional initial access vectors” that have not yet been documented.


As the incident response and threat hunting world focuses on the SolarWinds Orion products as the initial entry point for the attacks, the Cybersecurity and Infrastructure Security Agency (CISA) added a note to its advisory to warn of the new information.


“CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated,” according to the updated advisory (PDF).


The agency did not provide additional details, but promised to update its communications as new information becomes available.


The agency also strengthened the language in its communications, describing the threat as posing “grave risk” to the Federal Government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations.


The newly discovered attack, believed to be an espionage operation by a foreign state-backed actor, has hit multiple U.S. government agencies, critical infrastructure entities, and private sector organizations.


“This APT actor has demonstrated patience, operational security, and complex tradecraft in these intrusions. CISA expects that removing this threat actor from compromised environments will be highly complex and challenging for organizations,” CISA noted.


The U.S. government has issued an emergen ..
