US institutions and FireEye breached through a SolarWinds supply chain compromise

The US Treasury Department, the US Department of Commerce's National Telecommunications and Information Administration (NTIA), and the leading cybersecurity company FireEye are among the victims of a highly sophisticated cyber-attack, Reuters reported. According to FireEye's report on the incident, a nation-state actor inserted malware into a legitimate update of the Orion software, produced by the IT company SolarWinds, so that every SolarWinds customer who installed the trojanized update carried the backdoor into its own network.

The malware, dubbed SUNBURST by FireEye and Solorigate by Microsoft, was implanted into Orion updates released between March 2020 and June 2020. The US Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 21-01 with mitigation measures, and SolarWinds issued a security advisory urging customers to apply the fix. Because the backdoor arrived through the vendor's own signed update channel, applying the fixed build removes the implant but does not by itself undo any follow-on access the attacker established while it was running.

According to SolarWinds, the intrusion was a highly sophisticated, targeted and manual supply chain attack carried out by a nation state. Some researchers and White House sources attribute the attack to APT29, also known as the Dukes or Cozy Bear, a group associated with the Russian Foreign Intelligence Service, ZDNet reports.

SolarWinds' network management and security products are used by more than 300,000 customers worldwide, including Fortune 500 companies, the Pentagon, the State Department, NASA, the National Security Agency (NSA), the Department of Justice, and the Office of the President, Security Affairs warns. That figure is the company's total customer base, not the number of organizations that installed the compromised Orion updates released in the March to June 2020 window.