Security News
The United States has pinned the blame on Russia for a devastating cyberattack campaign that has hit government agencies and corporations across the country. In a joint statement, the agencies said that their work "indicates that an Advanced Persistent Threat actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks." Further, the group said it believes the incident was designed as an intelligence-gathering effort, that is, a surveillance operation aimed at collecting confidential and sensitive information.
The U.S. government has identified Russia as the "likely" culprit behind the widespread SolarWinds cyberattack that has so far affected multiple federal agencies and private-sector companies. Cyberespionage is cited as the motivation behind the attack, which the feds characterized as ongoing.
The US Department of Justice said that the attackers behind the SolarWinds supply chain attack gained access to roughly 3% of the department's Office 365 email inboxes. The Justice Department currently employs over 115,000 people [1, 2], which translates to around 3,450 potentially breached mailboxes.
A class action lawsuit was filed on behalf of SolarWinds investors this week over the cybersecurity breach suffered by the Texas-based IT management solutions provider. The complaint names SolarWinds, as well as Kevin Thompson, who served as the company's CEO until just days before the incident was disclosed, and Barton Kalsu, executive VP and CFO of SolarWinds.
The U.S. government on Tuesday formally pointed the finger at the Russian government for orchestrating the massive SolarWinds supply chain attack that came to light early last month. The FBI, CISA, ODNI, and NSA are members of the Cyber Unified Coordination Group, a newly formed task force put in place by the White House National Security Council to investigate the SolarWinds breach and lead the response and remediation efforts.
SolarWinds - the network monitoring biz thoroughly hacked as part of a wider espionage operation - has been sued by its shareholders who claim bosses failed to tell them about its numerous security woes. Last month, it emerged the update server used by SolarWinds to distribute its Orion software had been subverted by miscreants to secretly inject a backdoor into the code so that hackers could infiltrate the computers of customers who installed the product.
The Cyber Unified Coordination Group said today that a Russian-backed Advanced Persistent Threat group is likely behind the SolarWinds hack. The UCG was established by the National Security Council after the SolarWinds supply chain attack to help the intelligence agencies better coordinate the government's response efforts surrounding this ongoing espionage campaign.
The New York Times has an in-depth article on the latest information about the SolarWinds hack. Initial estimates were that Russia sent its probes into only a few dozen of the 18,000 government and private networks it gained access to by inserting code into network management software made by a Texas company named SolarWinds.
It is believed that the recently disclosed attack targeting Texas-based IT management solutions provider SolarWinds resulted in threat actors gaining access to the networks of more than 250 organizations, according to reports. The New York Times reported over the weekend that the SolarWinds supply chain attack is believed to have impacted as many as 250 government agencies and businesses.
On New Year's Eve, SolarWinds confirmed that it had identified malware that exploited the flaws introduced into its Orion products. We already knew about "SUNBURST", the attack that poisoned Orion.