US think tank breached three times in a row by SolarWinds hackers
2020-12-17 15:17

An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times.

Incident responders from cybersecurity company Volexity, who investigated the attacks between late 2019 and July 2020, named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations.

In one attack, Dark Halo leveraged a newly disclosed vulnerability in Microsoft Exchange server that allowed them to bypass multi-factor authentication defenses against unauthorized email access.

After FireEye disclosed the breach on their network and announced that an attacker likely acting on behalf of a government had accessed certain tools used for red-team operations, news broke of the SolarWinds Orion supply-chain attack impacting high-profile organizations in the private and government sector.

It is unclear how many victims the hackers breached through the Orion supply-chain attack, but the number of entities that installed the poisoned version of the software is "Fewer than 18,000," the company said.


News URL

https://www.bleepingcomputer.com/news/security/us-think-tank-breached-three-times-in-a-row-by-solarwinds-hackers/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Solarwinds 56 33 102 81 51 267