Major Cyber Incident: SolarWinds
Other incident names: SUNBURST malware, Solorigate
- 26. września 2024 r.
- Liang, Linda; Kerttunen, Mika
- EN
About SolarWinds
The Russian state-integrated hacking group APT29/”Cozy Bear”/The Dukes used a supply chain vulnerability within SolarWinds Corp. to compromise multiple targets worldwide. It managed to inject a backdoor malware into a SolarWinds routine update file, which allowed it to escalate privileges and establish permanent access across the internal systems of the company’s customers.
The attack reportedly compromised mostly US entities. Affected were nine US government agencies, including the Departments of State, Treasury, Commerce, Justice, Homeland Security, and Energy, as well as the National Nuclear Security Administration, NASA, the Federal Aviation Administration, and the National Institutes of Health. Six EU institutions were deemed to have suffered “significant impact,” alongside a “low single digit number” of UK public sector organisations. Among the approximately one hundred selected entities which were hacked, many from the private sector were technology companies, such as cybersecurity companies FireEye and Microsoft; other targets included software makers, which themselves were vulnerable to becoming the source of a similar attack. Other targets from the consulting, telecommunications, and critical infrastructure sectors were mostly based in North America, but also in Europe, Asia, and the Middle East.
Timeframe
30 January 2019 – present
Incident Type
Data Theft, Hijacking with Misuse
Initiator
Russian state-integrated APT29/”Cozy Bear”
Affected Target
SolarWinds Corp.; 6 EU institutions, 9 US government agencies, approx. 100 private sector entities from consulting, technology, telecommunications, and critical infrastructure in North America (primarily), Europe, Asia, and the Middle East.
More Major Cyber Incidents (MaCIs)
- Research and Analysis