Compromise · severity: Critical · 2020-12-13

SolarWinds Orion supply-chain compromise disclosed

published by CISA
Actor
APT29 · RU · Russia · APT

Russian state-sponsored intrusion set publicly attributed to the SVR. Long history of espionage operations against Western government, diplomatic, think tank, and technology targets, including the So…

Summary

FireEye and Microsoft disclosed a sophisticated supply-chain compromise of SolarWinds Orion software, attributed to APT29. The trojanized SUNBURST update reached approximately 18,000 customers and enabled second-stage access to U.S. federal agencies and Fortune 500 networks.

Tags

supply-chain · espionage · us-government

Primary source

cisa.gov
