Security News > 2020 > December > CISA: APT group behind US govt hacks used multiple access vectors
The US Cybersecurity and Infrastructure Security Agency said that the APT group behind the recent compromise campaign targeting US government agencies used more than one initial access vector.
"CISA has evidence of additional initial access vectors, other than the SolarWinds Orion platform; however, these are still being investigated. CISA will update this Alert as new information becomes available," the agency said.
The agency is also currently investigating incidents where it found TTPs consistent with this ongoing malicious activity, "Including some where victims either do not leverage SolarWinds Orion or where SolarWinds Orion was present but where there was no SolarWinds exploitation activity observed."
The compromise of multiple US federal networks after the SolarWinds breach was officially confirmed today for the first time in a joint statement issued by the FBI, CISA, and the ODNI. "This is a developing situation, and while we continue to work to understand the full extent of this campaign, we know this compromise has affected networks within the federal government," the US intelligence agencies said.
The list of US government targets compromised so far in this campaign includes the US Treasury, the US Department of State, US NTIA, US NIH, DHS-CISA, and the US Department of Homeland Security.
News URL
Related news
- Two Chinese APT Groups Ramp Up Cyber Espionage Against ASEAN Countries (source)
- US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack (source)
- CISA investigates critical infrastructure breach after Sisense hack (source)
- CISA says Sisense hack impacts critical infrastructure orgs (source)
- CISA orders agencies impacted by Microsoft hack to mitigate risks (source)