
Major Cyber Incident: SolarWinds

Other incident names: SUNBURST malware, Solorigate

About SolarWinds

The Russian state-integrated hacking group APT29/"Cozy Bear"/The Dukes used a supply chain vulnerability within SolarWinds Corp. to compromise multiple targets worldwide. It managed to inject backdoor malware into a routine SolarWinds update file, which allowed it to escalate privileges and establish persistent access across the internal systems of the company's customers.

The attack reportedly compromised mostly US entities. Affected were nine US government agencies, including the Departments of State, Treasury, Commerce, Justice, Homeland Security, and Energy, as well as the National Nuclear Security Administration, NASA, the Federal Aviation Administration, and the National Institutes of Health. Six EU institutions were deemed to have suffered "significant impact," alongside a "low single digit number" of UK public sector organisations. Among the approximately one hundred selected entities that were hacked, many from the private sector were technology companies, such as the cybersecurity companies FireEye and Microsoft; other targets included software makers, which were themselves at risk of becoming the source of a similar attack. Other targets from the consulting, telecommunications, and critical infrastructure sectors were mostly based in North America, but also in Europe, Asia, and the Middle East.

Timeframe

30 January 2019 – present

Incident Type

Data Theft, Hijacking with Misuse

Initiator

Russian state-integrated APT29/"Cozy Bear"

Affected Target

SolarWinds Corp.; 6 EU institutions, 9 US government agencies, approx. 100 private sector entities from consulting, technology, telecommunications, and critical infrastructure in North America (primarily), Europe, Asia, and the Middle East.

More Major Cyber Incidents (MaCIs)

  • Research and Analysis
Major Cyber Incident: KA-SAT 9A

4 October 2023
In this detailed analysis, Mika Kerttunen, Kim Schuck and Jonas Hemmelskamp discuss the intrusion into the KA-SAT network in Ukraine and Western Europe in the early stages of Russia's war against Ukraine.
Major Cyber Incident: BAPCO

15 February 2023
In this detailed analysis, Mika Kerttunen and Linda Liang discuss the attack on Bahraini oil company BAPCO by Iranian state-backed hackers.
