Russian hackers have breached networks belonging to the US government and private organizations worldwide in a widespread espionage campaign that uses the global software supply chain to infect targets.
The US Treasury and Commerce departments are among the US government agencies hit in a campaign that multiple news outlets, citing people familiar with the matter, say is led by Cozy Bear, a hacking group believed to be part of the Russian Foreign Intelligence Service, known as the SVR. Word of the attacks came on Sunday, five days after FireEye, a $3.5 billion security company, said on Tuesday that it had been hacked by a nation-state.
On Sunday night, FireEye said the attackers were infecting targets using Orion, a widely used commercial software tool from SolarWinds. After gaining control of the Orion updater, the attackers use it to install a backdoor that FireEye researchers call Sunburst.
“FireEye has discovered this activity in several companies around the world,” FireEye researchers wrote. “The victims have included government, consulting, technology, telecom and extractive industries in North America, Europe, Asia and the Middle East. We expect that there are additional victims in other countries and verticals. FireEye has notified all the entities we know to be affected.”
After using the Orion update tool to gain access to targeted networks, Microsoft said in its own post, the attackers steal signing credentials that allow them to impersonate any of a target’s users and accounts, including highly privileged accounts.
In a separate post, FireEye says it has identified several organizations that appear to have been infected as far back as this past spring. “Our analysis indicates that these compromises are not self-propagating,” the company’s researchers said. “Each of the attacks required careful planning and manual interaction.”
SolarWinds said that monitoring products it released in March and May of this year may have been weaponized in a “highly sophisticated” attack by a nation-state.