Security News > 2020 > December > US think tank breached three times in a row by SolarWinds hackers
An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times.
Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable to quickly switch to different tactics and techniques to carry out long-term, stealthy operations.
In one attack, Dark Halo leveraged a newly disclosed vulnerability for the Microsoft Exchange server that allowed them to bypass multi-factor authentication defenses against unauthorized email access.
After FireEye disclosed the breach on their network and announced that an attacker likely acting on behalf of a government had accessed certain tools used for red-team operations, news broke of the SolarWinds Orion supply-chain attack impacting high-profile organizations in the private and government sector.
It is unclear how many victims the hackers breached through the Orion supply-chain attack, but the number of entities that installed the poisoned version of the software is "Fewer than 18,000," the company said.
News URL
Related news
- US sanctions Chinese company linked to Flax Typhoon hackers (source)
- US Treasury hack linked to Silk Typhoon Chinese state hackers (source)
- Treasury hackers also breached US foreign investments review office (source)
- US sanctions Chinese firm, hacker behind telecom and Treasury hacks (source)
- Hackers game out infowar against China with the US Navy (source)
- Subaru Starlink flaw let hackers hijack cars in US and Canada (source)
- Spain arrests suspected hacker of US and Spanish military agencies (source)
- Suspected NATO, UN, US Army hacker arrested in Spain (source)
- Hacker pleads guilty to SIM swap attack on US SEC X account (source)
- Chinese hackers breach more US telecoms via unpatched Cisco routers (source)