CISA Issues Supply Chain Compromise Alert, Forms Coordination Group with Other Government Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an alert regarding an advanced persistent threat (APT) compromising government agencies, critical infrastructures, and private sector organizations. According to CISA, the APT actor is accountable for the compromise of the SolarWinds Read More …

Raindrop Backdoor: New Malware Discovered in SolarWinds Investigation

Symantec, a division of Broadcom, has uncovered an additional piece of malware used in the SolarWinds attacks which was used against a select number of victims that were of interest to the attackers. Raindrop (Backdoor.Raindrop) is a loader which delivers Read More …

A Chinese hacking group is stealing airline passenger details

A suspected Chinese hacking group has been attacking the airline industry for the past few years with the goal of obtaining passenger data in order to track the movement of persons of interest. The intrusions have been linked to a Read More …

Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452

In December 2020, FireEye uncovered and publicly disclosed a widespread attacker campaign that is being tracked as UNC2452. In some, but not all, of the intrusions associated with this campaign where Mandiant has visibility, the attacker used their access to Read More …

Malwarebytes says SolarWinds hackers accessed its internal emails

Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails. “While Malwarebytes does not use SolarWinds, we, like many other companies were recently targeted by the same Read More …

Mimecast Certificate Hacked in Microsoft Email Supply-Chain Attack

A Mimecast-issued certificate used to authenticate some of the company’s products to Microsoft 365 Exchange Web Services has been “compromised by a sophisticated threat actor,” the company has announced. Mimecast provides email security services that customers can apply to their Read More …

Sunburst backdoor – code overlaps with Kazuar

On December 13, 2020, FireEye published a blog post detailing a supply chain attack leveraging Orion IT, an infrastructure monitoring and management platform by SolarWinds. In parallel, Volexity published an article with their analysis of related attacks, attributed to an Read More …

CISA Update: Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations

The Cybersecurity and Infrastructure Security Agency (CISA) is aware of compromises of U.S. government agencies, critical infrastructure entities, and private sector organizations by an advanced persistent threat (APT) actor beginning in at least March 2020. This APT actor has demonstrated Read More …

JetBrains denies being involved in SolarWinds hack

Czech software development firm JetBrains published a statement today denying reports from the New York Times and the Wall Street Journal claiming that JetBrains is under investigation for possibly being involved in the SolarWinds hack that impacted thousands of companies Read More …

US government formally blames Russia for SolarWinds hack

Four US cyber-security agencies, including the FBI, CISA, ODNI, and the NSA, have released a joint statement today formally accusing the Russian government of orchestrating the SolarWinds supply chain attack. US officials said that “an Advanced Persistent Threat (APT) actor, Read More …