Global Campaign Uses Sunburst Malware to Target Government Agencies Worldwide

Recently, FireEye researchers have disclosed that a global widespread campaign has been affecting public and private organizations around the world.

What was discovered

The campaign has targeted government, consulting, technology, telecom, and extractive entities in North America, Europe, Asia, and the Middle East via a software supply chain attack, including multiple U.S. federal government agencies such as the Treasury and Commerce departments.
  • With meticulous planning and manual interaction, the attack operators have surreptitiously tainted the Orion update versions, released by software provider SolarWinds, with malware.
  • According to the researchers, the various intrusions in this campaign share common elements, such as a light malware footprint, prioritization of stealth, and high operational security (OPSEC), and the attackers have shown all the signs of a state-backed threat actor.
  • The malware used in this campaign was named Sunburst (by FireEye) and Solorigate (by Microsoft).
  • Similarly, the associated threat actor was named UNC2452 (by FireEye), while the Washington Post linked the intrusion to the Russia-based hacking group APT29.

The after effect

  • According to Reuters, the seriousness of the hack led to a rare National Security Council meeting at the White House, and CISA and the FBI were asked to investigate.
  • In addition, CISA has published an emergency directive with instructions to mitigate the SolarWinds Orion code compromise.

Recent attacks on government agencies

Last week, FireEye had also reported a similar attack carried out through the Orion software. Recently, several APTs have been observed targeting government organizations across various countries.

The closing statement

Government agencies have suffered several potentially worrisome cyberattacks in the past few weeks, resulting in the compromise or damage of sensitive and confidential information. Public and private organizations must therefore take coordinated action to fully detect and mitigate the risks posed by such cyberattacks.