Recently, FireEye researchers have disclosed that a global widespread campaign has been affecting public and private organizations around the world.
What was discovered
The campaign has targeted government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East, including multiple U.S. federal government agencies such as the Treasury and Commerce departments, via a software supply chain attack.
- With meticulous planning and manual interaction, the attack operators have surreptitiously tainted the Orion update versions, released by software provider SolarWinds, with malware.
- According to the researchers, the various attacks in this campaign share common elements, such as a light malware footprint, prioritization of stealth, high OPSEC, and more, and the attackers have shown all the signs of a state-backed threat actor.
- The malware used in this campaign was named Sunburst (by FireEye) and Solorigate (by Microsoft).
- Similarly, the associated threat actor was named UNC2452 (by FireEye), while the Washington Post linked the intrusion to the Russia-based hacking group APT29.
The after effect
- According to Reuters, the seriousness of the hack has led to a rare National Security Council meeting at the White House, and CISA and the FBI were asked to investigate.
- In addition, CISA has published an emergency directive with instructions to mitigate the SolarWinds Orion code compromise.
Recent attacks on government agencies
Last week, FireEye also reported a similar attack carried out through the Orion software. Recently, several APTs have been observed targeting government organizations across various countries.
- A Chinese state-sponsored APT group had targeted hundreds of Mongolian government agencies using supply chain attacks.
- Russian-speaking hackers used a spoofed evacuation letter from the Directorate General of Civil Aviation (India) as a COVID-19 phishing lure to deliver the Go version of the Zebrocy malware.
The closing statement
Government agencies have suffered several potentially worrisome cyberattacks in the past few weeks, resulting in the compromise or damage of sensitive and confidential information. Public and private organizations must therefore take coordinated action to fully detect and mitigate the risks posed by such cyberattacks.