Nation-state hackers breached US think tank thrice in a row
2020-12-17 15:17

An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times.

Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations.

In one attack, Dark Halo leveraged a newly disclosed vulnerability in Microsoft Exchange server that allowed them to bypass multi-factor authentication defenses against unauthorized email access.

After FireEye disclosed the breach on their network and announced that an attacker likely acting on behalf of a government had accessed certain tools used for red-team operations, news broke of the SolarWinds Orion supply-chain attack impacting high-profile organizations in the private and government sectors.

It is unclear how many victims the hackers breached through the Orion supply-chain attack, but the number of entities that installed the poisoned version of the software is "Fewer than 18,000," the company said.


News URL

https://www.bleepingcomputer.com/news/security/nation-state-hackers-breached-us-think-tank-thrice-in-a-row/