Russian hackers have breached networks belonging to the US government and private organizations worldwide in a widespread espionage campaign that uses the global software supply chain to infect targets.
The US Treasury and Commerce departments are among the US government agencies hit in an operation that multiple news outlets, citing people familiar with the matter, said was led by Cozy Bear, a hacking group believed to be part of the Russian Federal Security Service or FSB. Word of attacks arrived on Sunday, five days after FireEye, the $3.5 billion security company, said on Tuesday it had been hacked by a nation-state.
On Sunday night, FireEye said the attackers were infecting targets using Orion, a widely used business software app from SolarWinds. After taking control of the Orion update mechanism, the attackers were using it to install a backdoor that FireEye researchers are calling Sunburst.