US think tank breached three times in a row by SolarWinds hackers
An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times.
Incident responders from cybersecurity company Volexity investigating the attacks between late 2019 and July 2020 named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations.
In one attack, Dark Halo leveraged a newly disclosed vulnerability in the Microsoft Exchange server that allowed them to bypass multi-factor authentication defenses against unauthorized email access.
After FireEye disclosed the breach on their network and announced that an attacker likely acting on behalf of a government had accessed certain tools used for red-team operations, news broke of the SolarWinds Orion supply-chain attack impacting high-profile organizations in the private and government sectors.
It is unclear how many victims the hackers breached through the Orion supply-chain attack, but the number of entities that installed the poisoned version of the software is "Fewer than 18,000," the company said.