The Russia-based hacker group APT29, also known as Cozy Bear, is believed to have infiltrated a number of U.S. agencies, including the State Department, the Justice Department and the Pentagon, as well as NASA and thousands of companies worldwide. According to media reports, the attack used the same vector as the recent hack of the security company FireEye. Authorities have since confirmed the attack to the news channel CNN.
Update server distributes malware
According to a report from FireEye, the malware used in the attack was distributed via a cloud server of SolarWinds' Orion IT monitoring and management software. The hackers integrated the malware into an update of the software, which was then installed by the compromised companies and authorities.
Several updates affected
According to FireEye, the attack began as early as the spring of 2020, with multiple signed and trojanized updates distributed via the SolarWinds servers.
In the meantime, FireEye has released signatures for the malware, called Sunburst, on GitHub in Snort, YARA, IOC and ClamAV formats, so that infected systems can be identified and cleaned.
In a statement, SolarWinds has also confirmed the spread of the Sunburst malware through its update servers. The company recommends that all customers update their Orion platform as soon as possible. By its own account, SolarWinds has more than 300,000 customers worldwide. The possible victims of the hack therefore include not only the U.S. authorities but also corporations such as Siemens, AT&T, Cisco, Mastercard and Microsoft.
Speaking to the Washington Post, John Scott-Railton stated that the damage from the attack will most likely be enormous. In the past, APT29 has been one of the most aggressive hacking groups.