CISA Issues Supply Chain Compromise Alert, Forms Coordination Group with Other Government Agencies


The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert regarding an advanced persistent threat (APT) compromising government agencies, critical infrastructures, and private sector organizations.

According to CISA, the APT actor is accountable for the compromise of the SolarWinds Orion supply chain. The actor is also responsible for the abuse of commonly used authentication mechanisms. The Agency then urged organizations to make identifying and addressing such threats a priority.

“This threat actor has the resources, patience, and expertise to gain access to and privileges over highly sensitive information if left unchecked. CISA urges organizations to prioritize measures to identify and address this threat,” the alert read.

Under the Presidential Policy Directive (PPD) 41, the agency, together with the Federal Bureau of Investigation (FBI), and the Office of the Director of National Intelligence (ODNI), formed a Cyber Unified Coordination Group (UCG). This group aims to coordinate a “whole-of-government” response to the above-mentioned cyber incident.? A UCG is also formed for integrating private sector partners into incident response efforts.

Read more…
Source: Trend Micro