Security News > 2020 > December > CISA: APT group behind US govt hacks used multiple access vectors
The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector.
"CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.
The agency is also currently investigating incidents where it found TTPs consistent with this ongoing malicious activity, "Including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed."
The compromise of multiple US federal networks after the SolarWinds breach was officially confirmed today for the first time in a joint statement issued by the FBI, CISA, and the ODNI. "This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," the US intelligence agencies said.
The list of US government targets compromised so far in this campaign includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, and the US Department of Homeland Security.
News URL
Related news
- US govt officials’ communications compromised in recent telecom hack (source)
- US arrests Scattered Spider suspect linked to telecom hacks (source)
- Wyden proposes bill to secure US telecoms after Salt Typhoon hacks (source)
- Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast Asia (source)
- CISA urges switch to Signal-like encrypted messaging apps after telecom hacks (source)