Major Cyber Incident: SolarWinds
Other incident names: SUNBURST malware, Solorigate
- 26 September 2024
- Liang, Linda; Kerttunen, Mika
About SolarWinds
The Russian state-integrated hacking group APT29 ("Cozy Bear", The Dukes) exploited the software supply chain of SolarWinds Corp. to compromise multiple targets worldwide. It injected backdoor malware into a routine SolarWinds update file, which, once installed by customers, allowed it to escalate privileges and establish persistent access across the internal systems of the company's customers.
The attack reportedly compromised mostly US entities. Affected were nine US government agencies, including the Departments of State, Treasury, Commerce, Justice, Homeland Security, and Energy, as well as the National Nuclear Security Administration, NASA, the Federal Aviation Administration, and the National Institutes of Health. Six EU institutions were deemed to have suffered "significant impact", alongside a "low single digit number" of UK public sector organisations. Among the approximately one hundred selected entities that were hacked, many from the private sector were technology companies, such as the cybersecurity companies FireEye and Microsoft; other targets included software makers, which were themselves vulnerable to becoming the source of a similar attack. Further targets from the consulting, telecommunications, and critical infrastructure sectors were mostly based in North America, but also in Europe, Asia, and the Middle East.
Timeframe
30 January 2019 – present
Incident Type
Data Theft, Hijacking with Misuse
Initiator
Russian state-integrated APT29 ("Cozy Bear")
Affected Target
SolarWinds Corp.; 6 EU institutions, 9 US government agencies, approx. 100 private sector entities from consulting, technology, telecommunications, and critical infrastructure in North America (primarily), Europe, Asia, and the Middle East.