Russian hackers breached US government networks and private organizations around the world in a widespread espionage campaign that uses the global software supply chain to infect targets.
The U.S. finance and trade departments are among the U.S. government agencies affected by an operation that several news outlets, citing people familiar with the matter, attributed to Cozy Bear, a hacking group established as part of the Russian Federal Security Service (FSB). News of the attacks came on Sunday, five days after FireEye, the $3.5 billion security company, announced Tuesday that it had been hacked by a nation-state.
On Sunday evening, FireEye said the attackers infected targets through Orion, a widely used business software app from SolarWinds. After the attackers took control of the Orion update mechanism, they used it to install a backdoor that FireEye researchers call Sunburst.
"FireEye has seen this activity in several companies around the world," wrote FireEye researchers. "The victims have included government, consulting, technology, telecommunications and natural resources companies in North America, Europe, Asia and the Middle East. We assume that there are more victims in other countries and industries. FireEye has notified all companies that we know are affected."
After using the Orion update mechanism to gain a foothold on target networks, Microsoft said in a separate post, the attackers steal signing certificates that they can use to impersonate a target's existing users and accounts, including highly privileged accounts.
In a separate post, FireEye announced that several organizations have been identified that appear to have been infected last spring. "Our analysis shows that these compromises do not spread by themselves," said the company's researchers. "Each of the attacks requires careful planning and manual interaction."
SolarWinds says monitoring products released in March and June of this year may have been covertly weaponized in a "sophisticated" attack by a nation-state.
This is a developing story.