SolarWinds hackers kept busy in the year since the seminal hack, Mandiant finds

Dec 6, 2021 | CYBERSCOOP

Hackers associated with the SolarWinds supply chain compromise have been busy in the year since that attack was revealed, compromising multiple cloud solution companies with the goal of stealing data relevant to Russian interests and finding routes to additional victims, new research reveals.

Findings published Monday by a team of analysts at Mandiant collate previous observations and analysis — along with the efforts of “hundreds of consultants, analysts and reverse engineers” — to paint a picture of potentially distinct groups working alongside or within a more established Russian intelligence hacking group known as Nobelium, a name given to the group by Microsoft. The group is also known as Cozy Bear.

The U.S. government formally blamed the Russian government for the hack on SolarWinds, a federal contractor that, when breached as far back as January 2019, provided a path to compromising nine government agencies — including the departments of Treasury, Homeland Security and Justice — and perhaps more than 100 private sector companies. Cybersecurity firm FireEye, now known as Mandiant, revealed the attack in December 2020, and in the following months it forced a reckoning with the vulnerable state of federal cybersecurity.
