Topzle Topzle

2020 United States federal government data breach

Updated: Wikipedia source

2020 United States federal government data breach

In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. Affected organizations worldwide included NATO, the U.K. government, the European Parliament, Microsoft and others. The attack, which had gone undetected for months, was first publicly reported on December 13, 2020, and was initially only known to have affected the U.S. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the U.S. Department of Commerce. In the following days, more departments and private organizations reported breaches. The cyberattack that led to the breaches began no later than March 2020. The attackers exploited software or credentials from at least three U.S. firms: Microsoft, SolarWinds, and VMware. A supply chain attack on SolarWinds's Orion software, widely used in government and industry, provided an initial entry point. Microsoft cloud products provided another, allowing the attackers to also breach victims who were not SolarWinds customers. Flaws in Microsoft and VMware products allowed the attackers to access emails and other documents, and to perform federated authentication across victim resources via single sign-on infrastructure. In addition to the theft of data, the attack caused costly inconvenience to tens of thousands of SolarWinds customers, who had to check whether they had been breached, and had to take systems offline and begin months-long decontamination procedures as a precaution. U.S. Senator Richard J. Durbin described the cyberattack as tantamount to a declaration of war. President Donald Trump was silent for several days after the attack was publicly disclosed. He suggested that China, not Russia, might have been responsible for it, and that "everything is well under control".

Infobox

Date
Before October 2019 (start of supply chain compromise)March 2020 (possible federal breach start date)December 13, 2020 (breach acknowledged)
Duration
At least 8 or 9 months
Location
United States, United Kingdom, Spain, Israel, United Arab Emirates, Canada, Mexico, others
Type
Cyberattack, data breach
Theme
Malware, backdoor, advanced persistent threat, espionage
Cause
SolarWinds supply chain attack (SUNBURST trojan)Microsoft Outlook Web App software bugMicrosoft supply chain attack (reseller compromise)VMware software bugZerologon software bug
Target
U.S. federal government, state and local governments, and private sector
First reporter
FireEye (coordinated vulnerability disclosure)NSA (coordinated vulnerability disclosure)Reuters (public disclosure)
Suspects
Berserk Bear (Russia)Cozy Bear (Russia)FSB (Russia)SVR (Russia)

Tables

· Impact › List of confirmed connected data breaches › U.S. federal government
Executive
Executive
Branch
Executive
Institution
Department of Agriculture
Affected part(s) include
National Finance Center
Department of Commerce
Department of Commerce
Branch
Department of Commerce
Institution
National Telecommunications and Information Administration
Department of Defense
Department of Defense
Branch
Department of Defense
Institution
Parts of The Pentagon, National Security Agency, Defense Information Systems Agency
Department of Energy
Department of Energy
Branch
Department of Energy
Institution
National Nuclear Security Administration
Department of Health and Human Services
Department of Health and Human Services
Branch
Department of Health and Human Services
Institution
National Institutes of Health
Department of Homeland Security
Department of Homeland Security
Branch
Department of Homeland Security
Institution
Cybersecurity and Infrastructure Security Agency
Affected part(s) include
e-mails of top officials
Department of Justice
Department of Justice
Branch
Department of Justice
Affected part(s) include
~3000 Microsoft Office 365-hosted email accounts
Department of Labor
Department of Labor
Branch
Department of Labor
Institution
Bureau of Labor Statistics
Department of State
Department of State
Branch
Department of State
United States Department of Transportation
United States Department of Transportation
Branch
United States Department of Transportation
Institution
Federal Aviation Administration
Department of the Treasury
Department of the Treasury
Branch
Department of the Treasury
Judicial
Judicial
Branch
Judicial
Institution
Administrative Office of the United States Courts
Affected part(s) include
Case Management/Electronic Case Files
Assets accessed
Court documents, including sealed case files
Branch
Institution
Affected part(s) include
Assets accessed
Sources
Executive
Department of Agriculture
National Finance Center
Department of Commerce
National Telecommunications and Information Administration
Department of Defense
Parts of The Pentagon, National Security Agency, Defense Information Systems Agency
Department of Energy
National Nuclear Security Administration
Department of Health and Human Services
National Institutes of Health
Department of Homeland Security
Cybersecurity and Infrastructure Security Agency
e-mails of top officials
Department of Justice
~3000 Microsoft Office 365-hosted email accounts
Department of Labor
Bureau of Labor Statistics
Department of State
United States Department of Transportation
Federal Aviation Administration
Department of the Treasury
Judicial
Administrative Office of the United States Courts
Case Management/Electronic Case Files
Court documents, including sealed case files
· Impact › List of confirmed connected data breaches › U.S. state and local governments
Arizona
Arizona
Department
Arizona
Affected part(s) include
Pima County
California
California
Department
California
Affected part(s) include
California Department of State Hospitals
Ohio
Ohio
Department
Ohio
Affected part(s) include
Kent State University
Texas
Texas
Department
Texas
Affected part(s) include
City of Austin
Department
Affected part(s) include
Sources
Arizona
Pima County
California
California Department of State Hospitals
Ohio
Kent State University
Texas
City of Austin
· Impact › List of confirmed connected data breaches › Private sector
Belkin
Belkin
Organization
Belkin
Cisco Systems
Cisco Systems
Organization
Cisco Systems
Cox Communications
Cox Communications
Organization
Cox Communications
Equifax
Equifax
Organization
Equifax
Fidelis
Fidelis
Organization
Fidelis
FireEye
FireEye
Organization
FireEye
Assets accessed
Red team tools
Malwarebytes
Malwarebytes
Organization
Malwarebytes
Microsoft
Microsoft
Organization
Microsoft
Assets accessed
Product source codeReseller accounts
Mimecast
Mimecast
Organization
Mimecast
Assets accessed
Cryptographic certificateMicrosoft Office 365-hosted email
Nvidia
Nvidia
Organization
Nvidia
Palo Alto Networks
Palo Alto Networks
Organization
Palo Alto Networks
Qualys
Qualys
Organization
Qualys
SolarWinds
SolarWinds
Organization
SolarWinds
Assets accessed
Microsoft Office 365-hosted emailBuild system
A think tank (unnamed as of December 15, 2020)
A think tank (unnamed as of December 15, 2020)
Organization
A think tank (unnamed as of December 15, 2020)
VMware
VMware
Organization
VMware
Organization
Assets accessed
Sources
Belkin
Cisco Systems
Cox Communications
Equifax
Fidelis
FireEye
Red team tools
Malwarebytes
Microsoft
Product source codeReseller accounts
Mimecast
Cryptographic certificateMicrosoft Office 365-hosted email
Nvidia
Palo Alto Networks
Qualys
SolarWinds
Microsoft Office 365-hosted emailBuild system
A think tank (unnamed as of December 15, 2020)
VMware

References

  1. The New York Times
    https://www.nytimes.com/2020/12/14/us/politics/russia-hack-nsa-homeland-security-pentagon.html
  2. The Wall Street Journal
    https://www.wsj.com/articles/solarwinds-hack-leaves-market-sensitive-labor-data-intact-scalia-says-11610627053
  3. "Hackers Tied to Russia Hit Nuclear Agency; Microsoft Is Exposed"
    https://www.bloomberg.com/news/articles/2020-12-17/u-s-states-were-also-hacked-in-suspected-russian-attack
  4. The New York Times
    https://www.nytimes.com/2020/12/16/us/politics/russia-hack-putin-trump-biden.html
  5. Reuters
    https://www.reuters.com/article/global-cyber-idUSKBN28O1Z3
  6. "Why the US government hack is literally keeping security experts awake at night"
    https://www.cnn.com/2020/12/16/tech/solarwinds-orion-hack-explained/index.html
  7. Ars Technica
    https://arstechnica.com/information-technology/2021/01/doj-says-solarwinds-hackers-breached-its-office-365-system-and-read-email/
  8. "SolarWinds Orion: More US government agencies hacked"
    https://www.bbc.com/news/technology-55318815
  9. The Washington Post
    https://www.washingtonpost.com/technology/2020/12/14/russia-hack-us-government/
  10. SecurityWeek.com
    https://www.securityweek.com/solarwinds-likely-hacked-least-one-year-breach-discovery
  11. Reuters
    https://www.reuters.com/article/us-usa-cyber-treasury-exclsuive-idUSKBN28N0PG
  12. Houston Chronicle
    https://www.chron.com/news/article/Explainer-How-bad-is-the-hack-that-targeted-US-15800740.php
  13. The Telegraph
    https://www.telegraph.co.uk/technology/2020/12/18/microsoft-warns-uk-companies-targeted-solarwinds-hackers/
  14. "Microsoft, FireEye confirm SolarWinds supply chain attack"
    https://www.zdnet.com/article/microsoft-fireeye-confirm-solarwinds-supply-chain-attack/
  15. Deep Instinct
    https://www.deepinstinct.com/2020/12/16/sunburst-trojan-what-you-need-to-know/
  16. SecurityWeek.com
    https://www.securityweek.com/group-behind-solarwinds-hack-bypassed-mfa-access-emails-us-think-tank
  17. Ars Technica
    https://arstechnica.com/information-technology/2020/12/solarwinds-hackers-have-a-clever-way-to-bypass-multi-factor-authentication/
  18. The Washington Post
    https://www.washingtonpost.com/national-security/russia-hack-microsoft-cloud/2020/12/24/dbfaa9c6-4590-11eb-975c-d17b8815a66d_story.html
  19. Reuters
    https://www.reuters.com/article/us-global-cyber-usa-idUSKBN28Y1BF
  20. The New york Times
    https://www.nytimes.com/2020/12/24/us/russia-microsoft-resellers-cyberattacks.html
  21. "VMware Flaw a Vector in SolarWinds Breach?"
    https://krebsonsecurity.com/2020/12/vmware-flaw-a-vector-in-solarwinds-breach/
  22. Bloomberg.com
    https://www.bloomberg.com/news/articles/2020-12-18/vmware-falls-on-report-its-software-led-to-solarwinds-breach
  23. The Intercept
    https://theintercept.com/2020/12/17/russia-hack-austin-texas/
  24. CyberScoop
    https://www.cyberscoop.com/cisa-netlogon-microsoft-vulnerability-emergency/
  25. Reuters
    https://www.reuters.com/article/usa-cyber-treasury-idUSL1N2IT0I8
  26. The Washington Post
    https://web.archive.org/web/20201213220635/https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
  27. NBC News
    https://www.nbcnews.com/news/us-news/russian-hackers-breach-u-s-government-effort-aimed-agencies-private-n1251057
  28. "US cyber-attack: Russia 'clearly' behind SolarWinds operation, says Pompeo"
    https://www.bbc.co.uk/news/world-us-canada-55374945
  29. Wall Street Journal
    https://www.wsj.com/articles/how-russias-info-warrior-hackers-let-kremlin-play-geopolitics-on-the-cheap-11609592401
  30. The New York Times
    https://www.nytimes.com/2020/12/16/opinion/fireeye-solarwinds-russia-hack.html
  31. Bloomberg.com
    https://www.bloomberg.com/news/articles/2020-12-14/u-s-government-agencies-attacked-by-hackers-in-software-update
  32. Las Vegas Review-Journal
    https://www.reviewjournal.com/news/politics-and-government/cyber-attack-may-be-worst-hacking-case-in-the-history-of-america-2223270/
  33. The Independent
    https://www.independent.co.uk/news/world/americas/russia-cyber-attack-us-trump-b1775632.html
  34. The Guardian
    https://www.theguardian.com/technology/2020/dec/18/orion-hack-solarwinds-explainer-us-government
  36. Bloomberg.com
    https://www.bloomberg.com/news/articles/2020-12-14/u-k-government-nato-join-u-s-in-monitoring-risk-from-hack
  37. Bloomberg
    https://www.bloomberg.com/news/articles/2020-12-19/at-least-200-victims-identified-in-suspected-russian-hacking
  38. "White House acknowledges reports of cyberattack on U.S. Treasury by foreign government"
    https://www.cnbc.com/2020/12/13/cyber-hack-on-us-treasury-by-foreign-government-.html
  39. The New York Times
    https://www.nytimes.com/2020/12/13/us/politics/russian-hackers-us-government-treasury-commerce.html
  40. Mashable
    https://mashable.com/article/us-treasury-hacked-office-365/
  41. Rolling Stone
    https://www.rollingstone.com/politics/politics-news/treasury-commerce-russian-government-spies-1103205/
  43. Reuters
    https://www.reuters.com/article/uk-usa-cyber-breach-idUKKBN28R3B7
  44. Slate
    https://slate.com/technology/2020/12/solarwinds-hack-commerce-treasury-breach.html
  45. Zero Day
    https://www.zdnet.com/article/nsa-warns-of-federated-login-abuse-for-local-to-cloud-attacks/
  46. Reuters
    https://www.reuters.com/article/us-global-cyber-idCAKBN28V2DX
  47. Business Insider
    https://www.businessinsider.com/russia-hack-may-take-years-undo-bossert-2020-12
  48. SC Media
    https://www.scmagazine.com/home/security-news/here-are-the-critical-responses-required-of-all-businesses-after-solarwinds-supply-chain-hack/
  49. Defense News
    https://www.c4isrnet.com/congress/2020/12/17/no-2-senate-democrat-russia-hack-a-virtual-invasion/
  50. The Hill
    https://thehill.com/homenews/administration/530982-trump-downplays-impact-of-government-hack-in-first-public-remarks
  51. "Trump downplays Russia in first comments on hacking campaign"
    https://apnews.com/article/donald-trump-politics-mark-levin-coronavirus-pandemic-hacking-6080f156125a4a46edef2a6dcf826611
  52. CNN
    https://www.cnn.com/2020/12/19/politics/pompeo-us-government-hack-russia/index.html
  53. Threat Post
    https://threatpost.com/solarwinds-default-password-access-sales/162327/
  54. Reuters
    https://www.reuters.com/article/global-cyber-solarwinds/hackers-at-center-of-sprawling-spy-campaign-turned-solarwinds-dominance-against-it-idUSKBN28P2N8
  55. Bloomberg.com
    https://www.bloomberg.com/news/articles/2020-12-21/solarwinds-adviser-warned-of-lax-security-years-before-hack
  56. "SolarWinds Hack Could Affect 18K Customers"
    https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/
  57. itwire.com
    https://www.itwire.com/security/solarwinds-ftp-credentials-were-leaking-on-github-in-november-2019.html
  58. The Register
    https://www.theregister.com/2020/12/15/solar_winds_update/
  59. The Register
    https://www.theregister.com/2020/12/16/solarwinds_github_password/
  60. "SolarWinds hack has shaved 23% from software company's stock this week"
    https://www.cnbc.com/2020/12/16/solarwinds-hack-triggers-23percent-stock-haircut-this-week-so-far.html
  61. The Register
    https://www.theregister.com/2020/12/16/solarwinds_stock_sale/
  62. MarketWatch
    https://www.marketwatch.com/story/solarwinds-falls-under-scrutiny-after-hack-stock-sales-01608166019
  63. Reuters
    https://web.archive.org/web/20201218062157/https://uk.reuters.com/article/uk-usa-cyber-breach-idUKKBN28R3B7
  64. The New York Times
    https://www.nytimes.com/2020/12/17/us/politics/russia-cyber-hack-trump.html
  65. Wired
    https://www.wired.com/story/russia-solarwinds-supply-chain-hack-commerce-treasury
  66. Ars Technica
    https://arstechnica.com/information-technology/2020/12/18000-organizations-downloaded-backdoor-planted-by-cozy-bear-hackers/
  67. The New York Times
    https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html
  68. ZDNet
    https://www.zdnet.com/article/third-malware-strain-discovered-in-solarwinds-supply-chain-attack/
  69. WSJ
    https://www.wsj.com/articles/solarwinds-discloses-earlier-evidence-of-hack-11610473937
  70. The Register
    https://www.theregister.com/2020/12/20/solarwinds_update_trump_contradicts_pompeo_russia_attribution/
  71. The Register
    https://www.theregister.com/2021/01/12/solarwinds_tech_analysis_crowdstrike/
  72. "Microsoft to quarantine SolarWinds apps linked to recent hack"
    https://www.zdnet.com/article/microsoft-to-quarantine-solarwinds-apps-linked-to-recent-hack-starting-tomorrow/
  73. The Verge
    https://www.theverge.com/2020/12/13/22173035/hackers-russia-breached-us-government-agencies-email-cozy-bear
  74. "CISA Issues Emergency Directive to Mitigate the Compromise of Solarwinds Orion Network Management Products"
    https://www.cisa.gov/news/2020/12/13/cisa-issues-emergency-directive-mitigate-compromise-solarwinds-orion-network
  75. "U.S. Government Agencies Hit by Hackers During Software Update"
    https://web.archive.org/web/20201214051509/https://www.msn.com/en-us/news/politics/u-s-government-agencies-hit-by-hackers-during-software-update/ar-BB1bTMl4
  76. "Microsoft and industry partners seize key domain used in SolarWinds hack"
    https://www.zdnet.com/article/microsoft-and-industry-partners-seize-key-domain-used-in-solarwinds-hack/
  77. Threat Post
    https://threatpost.com/dhs-sophisticated-cyberattack-foreign-adversaries/162242/
  78. The Independent
    https://www.independent.co.uk/news/world/americas/us-russia-hacking-cyber-security-b1774793.html
  79. "SolarWinds: Why the Sunburst hack is so serious"
    https://www.bbc.com/news/technology-55321643
  80. TrustedSec
    https://www.trustedsec.com/blog/solarwinds-orion-and-unc2452-summary-and-recommendations/
  81. BleepingComputer
    https://www.bleepingcomputer.com/news/security/fireeye-microsoft-create-kill-switch-for-solarwinds-backdoor/
  82. The Cloudflare Blog
    https://blog.cloudflare.com/solarwinds-orion-compromise-trend-data/
  83. SC Media
    https://www.scmagazine.com/home/security-news/apts-cyberespionage/disconnect-or-power-down-after-high-profile-hacks-cisa-demands-drastic-solarwinds-mitigation/
  84. "Mitigating Cloud Supply-chain Risk: Office 365 and Azure Exploited in Massive U.S Government Hack"
    https://securityboulevard.com/2020/12/mitigating-cloud-supply-chain-risk-office-365-and-azure-exploited-in-massive-u-s-government-hack/
  85. CNN
    https://www.cnn.com/2020/12/16/politics/us-government-agencies-hack-uncertainty/index.html
  86. Axios
    https://www.axios.com/russias-sprawling-hack-of-federal-agencies-alarms-43a9f6f7-5d85-49a6-828b-8371129c276e.html
  87. The Hill
    https://thehill.com/policy/cybersecurity/530562-schiff-calls-for-urgent-work-to-defend-nation-in-the-wake-of-massive/
  88. DomainTools
    https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack
  89. The Washington Post
    https://www.washingtonpost.com/national-security/ruusian-hackers-outsmarted-us-defenses/2020/12/15/3deed840-3f11-11eb-9453-fc36ba051781_story.html
  90. Reuters
    https://www.reuters.com/article/us-cyber-solarwinds-china-exclusive-idUSKBN2A22K8
  91. Schneier on Security
    https://www.schneier.com/blog/archives/2020/12/how-the-solarwinds-hackers-bypassed-duo-multi-factor-authentication.html
  92. The Independent
    https://www.independent.co.uk/news/world/americas/us-politics/us-treasury-hackers-breach-trump-russia-b1772639.html
  93. The Guardian
    https://www.theguardian.com/technology/2020/dec/13/us-treasury-hacked-group-backed-by-foreign-government-report
  94. "Foreign government hacked into US Treasury Department's emails – reports"
    https://news.sky.com/story/foreign-government-hacked-into-us-treasury-departments-emails-reports-12160763
  95. Mandiant Blog
    https://www.mandiant.com/resources/blog/unauthorized-access-of-fireeye-red-team-tools
  96. The Times of Israel
    https://www.timesofisrael.com/hackers-backed-by-foreign-government-reportedly-steal-info-from-us-treasury/
  97. The New York Times
    https://www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.html
  98. The Guardian
    https://www.theguardian.com/technology/2020/dec/08/fireeye-hack-cybersecurity-theft
  99. Wired
    https://www.wired.com/story/russia-fireeye-hack-statement-not-catastrophe/
  100. Newsweek
    https://www.newsweek.com/solarwinds-russia-hack-cyberattack-fireeye-software-malware-backdoor-cybersecurity-1554730
  101. FireEye
    https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
  102. The Guardian
    https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department
  103. BleepingComputer
    https://www.bleepingcomputer.com/news/security/new-sunspot-malware-found-while-investigating-solarwinds-hack/
  104. Ars Technica
    https://arstechnica.com/gadgets/2021/07/solarwinds-hackers-used-an-ios-0-day-to-steal-google-and-microsoft-credentials/
  105. "Dark Halo Leverages SolarWinds Compromise to Breach Organizations"
    https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
  106. "Hacking Spree by Suspected Russians Included U.S. Think Tank"
    https://www.bloomberg.com/news/articles/2020-12-15/hacking-spree-by-suspected-russians-included-u-s-think-tank
  107. CyberScoop
    https://www.cyberscoop.com/crowdstrike-solarwinds-targeted-microsoft/
  108. "Russian State-Sponsored Advanced Persistent Threat Actor Compromises U.S. Government Targets"
    https://us-cert.cisa.gov/ncas/alerts/aa20-296a
  109. Ars Technica
    https://arstechnica.com/information-technology/2020/12/nsa-says-russian-state-hackers-are-using-a-vmware-flaw-to-ransack-networks/
  110. The Japan Times
    https://www.japantimes.co.jp/news/2020/12/14/world/us-treasury-hack/
  111. Defense Systems
    https://web.archive.org/web/20210309210803/https://defensesystems.com/articles/2020/12/23/solarwinds-hack-impact.aspx
  112. DomainTools
    https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack/
  113. Ars Technica
    https://arstechnica.com/information-technology/2021/01/solarwinds-malware-has-curious-ties-to-russian-speaking-hackers/
  114. The Register
    https://www.theregister.com/2021/01/12/solarwinds_russia_kaspersky/
  115. Wired
    https://www.wired.com/story/solarwinds-russia-hackers-turla-malware/
  116. The Guardian
    https://www.theguardian.com/world/2021/jan/11/solarwinds-hack-russian-spying-tools-hackers-malware-fsb
  117. TheHill
    https://thehill.com/policy/cybersecurity/537067-us-payroll-agency-targeted-by-chinese-hackers-report
  118. The Guardian
    https://www.theguardian.com/us-news/2020/dec/19/mike-pompeo-we-can-say-pretty-clearly-russia-behind-hack-us-agencies
  119. The Hill
    https://thehill.com/homenews/administration/530962-pompeo-russia-pretty-clearly-behind-massive-cyberattack
  120. Deutsche Welle
    https://www.dw.com/en/trump-downplays-massive-us-cyberattack-points-to-china/a-55996519
  121. BBC News
    https://www.bbc.com/news/world-us-canada-55386947
  122. Los Angeles Times
    https://www.latimes.com/world-nation/story/2020-12-20/lawmakers-experts-baffled-trump-brushes-off-suspected-russian-hack
  123. cnn.com
    https://edition.cnn.com/2020/12/21/politics/william-barr-russia-cyberattack/index.html
  124. CNBC
    https://www.cnbc.com/2020/12/21/barr-says-solarwinds-hack-certainly-appears-to-be-the-russians-.html
  125. New York Times
    https://www.nytimes.com/2020/12/21/us/politics/russia-hack-treasury.html
  126. SecurityWeek
    https://www.securityweek.com/us-hack-federal-agencies-likely-russian-origin
  127. Ars Technica
    https://arstechnica.com/tech-policy/2021/01/feds-say-that-russia-was-likely-behind-months-long-hack-of-us-agencies/
  128. The Guardian
    https://www.theguardian.com/technology/2021/jan/05/russians-likely-perpetrators-us-government-hack
  129. fbi.gov
    https://www.fbi.gov/news/testimony/oversight-of-the-federal-bureau-of-investigation-061021
  130. Time
    https://web.archive.org/web/20201216052021/https://time.com/5921684/us-computer-networks-hack-russia/
  131. "SEC filings: SolarWinds says 18,000 customers were impacted by recent hack"
    https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/
  132. Talking Points Memo
    https://talkingpointsmemo.com/news/report-massive-russian-hack-effort-breached-dhs-state-department-and-nih
  133. Business Insider
    https://www.businessinsider.com/list-of-companies-agencies-at-risk-after-solarwinds-hack-2020-12
  134. bankinfosecurity.com
    https://www.bankinfosecurity.com/solarwinds-hunt-to-figure-out-who-was-breached-a-15608
  135. The Independent
    https://www.independent.co.uk/news/hack-may-have-exposed-deep-us-secrets-damage-yet-unknown-hackers-hackers-donald-trump-government-us-b1774648.html
  136. AP NEWS
    https://apnews.com/article/us-agencies-hacked-global-cyberspying-328b4936f2535418b27cb90afa858489
  137. The Guardian
    https://www.theguardian.com/technology/2020/dec/16/us-institutional-secrets-exposed-hack-russia
  138. cyber.dhs.gov
    https://cyber.dhs.gov/ed/21-01/
  139. MIT Technology Review
    https://www.technologyreview.com/2020/12/15/1014462/how-russian-hackers-infiltrated-the-us-government-for-months-without-being-spotted/
  140. Malwarebytes Labs
    https://blog.malwarebytes.com/threat-analysis/2020/12/advanced-cyber-attack-hits-private-and-public-sector-via-supply-chain-software-update/
  141. Trend Micro
    https://www.trendmicro.com/en_us/research/20/l/overview-of-recent-sunburst-targeted-attacks.html
  142. "Hackers' Monthslong Head Start Hamstrings Probe of U.S. Breach"
    https://www.bloomberg.com/news/articles/2020-12-18/hackers-lurking-in-networks-for-months-snarl-solarwinds-probes
  143. The Independent
    https://www.independent.co.uk/news/hacked-networks-will-need-to-be-burned-down-to-the-ground-hackers-fireeye-us-networks-networks-b1776430.html
  144. Reuters
    https://www.reuters.com/article/us-global-cyber-usa-solarwinds/experts-who-wrestled-with-solarwinds-hackers-say-cleanup-could-take-months-or-longer-idUSKBN28Y1K3
  145. AP NEWS
    https://apnews.com/article/technology-europe-russia-election-2020-5486323e455277b39cd3283d70a7fd64
  146. The New York Times
    https://www.nytimes.com/2021/05/27/nyregion/trump-ukraine-rudy-giuliani-2020-presidential-election.html
  147. The World from PRX
    https://www.pri.org/stories/2020-12-16/biden-taps-trusted-figures-lead-us-climate-fight-fda-says-moderna-vaccine-highly
  148. CNN
    https://www.cnn.com/2020/12/15/politics/what-matters-december-15-russia-hack-explained/index.html
  149. Politico
    https://www.politico.com/newsletters/politico-nightly/2020/12/17/the-big-hack-what-we-know-what-we-dont-491184
  150. Reuters
    https://www.reuters.com/article/usa-cyber-amazoncom-idUSL1N2IT0HS
  151. The Washington Post
    https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html
  152. "US officials scramble to deal with suspected Russian hack of government agencies"
    https://www.cnn.com/2020/12/14/politics/us-agencies-hack-solar-wind-russia/index.html
  153. "US nuclear agency a target in 'massive' cyber attack on federal government by suspected Russian hackers"
    https://news.sky.com/story/biden-to-make-cybersecurity-a-top-priority-after-massive-hack-attack-on-the-us-government-12165958
  154. BleepingComputer
    https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/
  155. Time
    https://time.com/5923056/cyber-attack-us-government/
  156. The New York Times
    https://www.nytimes.com/2021/01/02/us/politics/russian-hacking-government.html
  157. Reuters
    https://www.reuters.com/article/uk-global-cyber-idUKKBN28O1KN
  158. Wired
    https://www.wired.com/story/solarwinds-nasa-faa-robot-dog-fight-security-news/
  159. Silicon UK
    https://www.silicon.co.uk/security/cyberwar/us-dod-hacked-331903
  160. Politico
    https://www.politico.com/news/2020/12/17/nuclear-agency-hacked-officials-inform-congress-447855
  161. threatpost.com
    https://threatpost.com/nuclear-weapons-agency-hacked-cyberattack/162387/
  162. Ars Technica
    https://arstechnica.com/information-technology/2020/12/microsoft-is-reportedly-added-to-the-growing-list-of-victims-in-solarwinds-hack/
  163. NBC News
    https://www.nbcnews.com/news/us-news/department-energy-says-it-was-hacked-suspected-russian-campaign-n1251630
  164. SC Media
    https://www.scmagazine.com/home/government/security-experts-warn-of-long-term-risk-tied-to-energy-department-breach/
  165. The New York Times
    https://www.nytimes.com/2020/12/31/technology/microsoft-russia-hack.html
  166. "AP sources: SolarWinds hack got emails of top DHS officials"
    https://apnews.com/article/solarwinds-hack-email-top-dhs-officials-8bcd4a4eb3be1f8f98244766bae70395
  167. The Guardian
    https://www.theguardian.com/technology/2021/jan/06/doj-email-systems-solarwinds-hackers
  168. SecurityWeek
    https://www.securityweek.com/justice-department-says-its-been-affected-russian-hack
  169. The Register
    https://www.theregister.com/2021/01/07/jetbrains_solarwinds_accusation/
  170. The New York Times
    https://www.nytimes.com/2021/01/06/us/politics/russia-cyber-hack.html
  171. BleepingComputer
    https://www.bleepingcomputer.com/news/security/solarwinds-hackers-had-access-to-over-3-000-us-doj-email-accounts/
  172. WSJ
    https://www.wsj.com/articles/federal-judiciarys-systems-likely-breached-in-solarwinds-hack-11610040175
  173. Bloomberg Law
    https://news.bloomberglaw.com/us-law-week/cyberbreach-compromises-u-s-courts-electronic-filings
  174. TheHill
    https://thehill.com/policy/cybersecurity/533177-federal-judiciary-likely-compromised-as-part-of-solarwinds-hack
  175. Krebs on Security
    https://krebsonsecurity.com/2021/01/sealed-u-s-court-records-exposed-in-solarwinds-breach/
  176. CyberScoop
    https://www.cyberscoop.com/solarwinds-hack-us-courts/
  177. The Verge
    https://www.theverge.com/2021/1/7/22219275/federal-judiciary-system-further-securing-sealed-documents-solarwinds-hack
  178. SecurityWeek
    https://www.securityweek.com/probe-launched-impact-solarwinds-breach-federal-courts
  179. BleepingComputer
    https://www.bleepingcomputer.com/news/security/us-judiciary-adds-safeguards-after-potential-breach-in-solarwinds-hack/
  180. The Register
    https://www.theregister.com/2021/01/08/solarwinds_court_docs/
  181. Reuters
    https://web.archive.org/web/20201222111858/https://uk.reuters.com/article/us-usa-cyber-idUKKBN28S2B9
  182. "Hackers' broad attack sets cyber experts worldwide scrambling to defend networks"
    https://www.reuters.com/article/us-global-cyber/hackers-broad-attack-sets-cyber-experts-worldwide-scrambling-to-defend-networks-idUSKBN28S2V3
  183. Wall Street Journal
    https://www.wsj.com/articles/solarwinds-hack-victims-from-tech-companies-to-a-hospital-and-university-11608548402
  184. "Cisco Latest Victim of Russian Cyber-Attack Using SolarWinds"
    https://www.bloomberg.com/news/articles/2020-12-18/cisco-latest-victim-of-russian-cyber-attack-using-solarwinds
  185. "SolarWinds Supply Chain Hit: Victims Include Cisco, Intel"
    https://www.bankinfosecurity.com/solarwinds-orion-campaign-victims-include-cisco-intel-a-15619
  186. Forbes
    https://www.forbes.com/sites/thomasbrewster/2020/12/19/solarwinds-hack-cisco-and-equifax-amongst-corporate-giants-finding-malware-but-no-sign-of-russian-spies/
  187. "La. retirement system warned it may have been target of Russian hack; Cox also investigating"
    https://www.wbrz.com/news/la-retirement-system-warned-it-may-have-been-target-of-russian-hack-cox-also-investigating
  188. ZDNet
    https://www.zdnet.com/article/four-security-vendors-disclose-solarwinds-related-incidents/
  189. Business Insider
    https://www.businessinsider.com/cybersecurity-firm-malwarebytes-was-breached-by-solarwinds-hackers-2021-1
  190. Bloomberg
    https://www.bloomberg.com/news/articles/2021-01-19/suspected-russian-hackers-targeted-security-firm-malwarebytes
  191. Reuters
    https://www.reuters.com/article/us-global-cyber-malwarebytes-idUSKBN29O2CB
  192. Reuters
    https://www.reuters.com/article/global-cyber-microsoft-exclusive-int-idUSKBN28R3BW
  193. "Microsoft confirms it was also breached in recent SolarWinds supply chain hack"
    https://www.zdnet.com/article/microsoft-was-also-breached-in-recent-solarwinds-supply-chain-hack-report/
  194. "Microsoft Says Its Systems Were Exposed to SolarWinds Hack"
    https://www.bloomberg.com/news/articles/2020-12-18/microsoft-says-its-systems-were-exposed-in-solarwinds-hack
  195. "Microsoft was reportedly swept up in SolarWinds hack"
    https://www.cnbc.com/2020/12/17/microsoft-shares-fall-after-report-it-was-swept-up-in-solarwinds-hack.html
  196. The Register
    https://www.theregister.com/2020/12/18/solarwinds_nnsa_microsoft_cisa/
  197. SlashGear
    https://www.slashgear.com/microsoft-acknowledges-it-was-hacked-via-solarwinds-exploit-18651720/
  198. Tech Times
    https://www.techtimes.com/articles/255184/20201217/microsoft-solarwinds-corp-attackers-remove-evidences-biggest-hack-decade.htm
  199. Reuters
    https://www.reuters.com/article/us-global-cyber-microsoft/solarwinds-hackers-accessed-microsoft-source-code-the-company-says-idUSKBN2951M9
  200. BGR
    https://bgr.com/2021/01/01/solarwinds-hack-microsoft-source-code-breach/
  201. CPO Magazine
    https://www.cpomagazine.com/cyber-security/software-giant-admits-that-solarwinds-hackers-viewed-microsoft-source-code/
  202. Gizmodo
    https://gizmodo.com/microsoft-says-solarwinds-hackers-also-broke-into-its-s-1845974783
  203. Computerworld
    https://www.computerworld.com/article/3602549/solarwinds-solorigate-and-what-it-means-for-windows-updates.html
  204. Business Insider
    https://www.businessinsider.com/solarwinds-hackers-were-able-to-access-microsoft-source-code-microsoft-blog-post-2020-12
  205. Threatpost
    https://threatpost.com/critical-microsoft-defender-bug-exploited/162992/
  206. Reuters
    https://www.reuters.com/article/us-global-cyber-mimecast-idUSKBN29H22K
  207. SecurityWeek.Com
    https://www.securityweek.com/mimecast-discloses-certificate-incident-possibly-related-solarwinds-hack
  208. Threatpost
    https://threatpost.com/mimecast-certificate-microsoft-supply-chain-attack/162965/
  209. SC Media
    https://www.scmagazine.com/home/email-security/solarwinds-attackers-suspected-in-microsoft-authentication-compromise/
  210. TechRadar
    https://www.techradar.com/news/mimecast-may-also-have-been-a-victim-of-the-solarwinds-hack-campaign
  211. WSJ
    https://www.wsj.com/articles/solarwinds-hackers-attack-on-email-security-company-raises-new-red-flags-11610510375
  212. GitHub
    https://github.com/fireeye/red_team_tool_countermeasures
  213. BleepingComputer
    https://www.bleepingcomputer.com/news/security/microsoft-to-quarantine-compromised-solarwinds-binaries-tomorrow/
  214. CyberScoop
    https://www.cyberscoop.com/nerc-alert-solarwinds-grid-russia/
  215. The Verge
    https://www.theverge.com/2020/12/15/22176053/solarwinds-hack-client-list-russia-orion-it-compromised
  216. iTWire
    https://www.itwire.com/security/backdoored-orion-binary-still-available-on-solarwinds-website.html
  217. SecurityWeek.Com
    https://www.securityweek.com/class-action-lawsuit-filed-against-solarwinds-over-hack
  218. The Register
    https://www.theregister.com/2021/01/05/solarwinds_sued/
  219. SecurityWeek.Com
    https://www.securityweek.com/solarwinds-taps-firm-launched-cisa-chief-chris-krebs-former-facebook-cso-alex-stamos
  220. ZDNet
    https://www.zdnet.com/article/solarwinds-defense-how-to-stop-similar-attacks/
  221. CBS News
    https://www.cbsnews.com/news/solarwinds-orion-hack-government-agencies-treasury-fireeye/
  222. "US government agencies, including Treasury, hacked; Russia possible culprit"
    https://web.archive.org/web/20201214025001/https://abc11.com/treasury-hack-cyber-attack-on-russia-today/8753611/
  223. Politico
    https://www.politico.com/news/2020/12/14/massively-disruptive-cyber-crisis-engulfs-multiple-agencies-445376
  224. Slate
    https://slate.com/news-and-politics/2020/12/solarwinds-trump-hack-fireeye.html
  225. Newsweek
    https://www.newsweek.com/us-swift-action-defense-networks-alleged-russia-hack-1554693
  226. SecurityWeek.com
    https://www.securityweek.com/fbi-cisa-odni-describe-response-solarwinds-attack
  227. Reuters
    https://web.archive.org/web/20210101220846/https://uk.reuters.com/article/us-global-cyber-usa-idUKKBN28Y09L
  228. ProPublica
    https://www.propublica.org/article/cyber-safety-board-never-investigated-solarwinds-breach-microsoft
  229. Miami Herald
    https://www.miamiherald.com/news/politics-government/article247946080.html
  230. NPR
    https://www.npr.org/2020/12/19/948318197/pompeo-russia-pretty-clearly-behind-massive-solarwinds-cyberattack
  231. CyberScoop
    https://www.cyberscoop.com/menendez-blumenthal-state-va-solarwinds/
  232. Gizmodo
    https://gizmodo.com/veterans-affairs-officials-inexplicably-blow-off-briefi-1845946394
  233. The Guardian
    https://www.theguardian.com/technology/2020/dec/17/us-government-cyber-attack-hack-russia
  234. Bloomberg
    https://www.bloomberg.com/news/articles/2020-12-19/trump-downplays-massive-hack-floats-china-as-possible-culprit
  235. Business Insider
    https://www.businessinsider.com/krebs-do-not-conflate-voting-security-solarwinds-hack-2020-12
  236. "Trump downplays impact of massive hacking, questions Russia involvement"
    https://web.archive.org/web/20210104235816/https://uk.reuters.com/article/uk-u-s-cyber-breach/trump-downplays-impact-of-massive-hacking-questions-russia-involvement-idUKKBN28T0QI
  237. Newsweek
    https://www.newsweek.com/solarwinds-hack-cyberattack-russia-fake-emails-thomas-bossert-joe-biden-1555472
  238. Reuters
    https://www.reuters.com/article/usa-cyber-breach-idUSKBN28U0IK
  239. Bloomberg
    https://www.bloomberg.com/news/articles/2020-12-22/biden-says-hack-of-u-s-shows-trump-failed-at-cyber-security
  240. Reuters
    https://www.reuters.com/article/us-usa-biden-idUKKBN28W1ZF
  241. The New York Times
    https://www.nytimes.com/2021/01/13/us/politics/biden-homeland-security-cybersecurity.html
  242. BBC News
    https://www.bbc.com/news/world-us-canada-56304379
  243. The New York Times
    https://www.nytimes.com/2021/03/07/us/politics/microsoft-solarwinds-hack-russia-china.html
  244. FOX 10 Phoenix
    https://www.fox10phoenix.com/news/us-retaliates-against-russian-hacking-by-expelling-diplomats-imposing-new-sanctions
  245. The Independent
    https://www.independent.co.uk/news/world/americas/us-politics/biden-russia-sanctions-putin-hacking-b1831934.html
  246. DW
    https://www.dw.com/en/us-expels-russian-diplomats-and-issues-sanctions-over-solarwinds-hacking-attack/a-57215141
  247. BBC News
    https://www.bbc.com/news/technology-55368213
  248. ico.org.uk
    https://web.archive.org/web/20210127170003/https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2020/12/uk-organisations-using-solarwinds-orion-platform-should-check-whether-personal-data-has-been-affected/
  249. CBC
    https://www.cbc.ca/news/politics/cse-solarwinds-warning-1.5854614
  250. Canadian Centre for Cyber Security
    https://cyber.gc.ca/en/
  251. Reuters
    https://web.archive.org/web/20230325023837/https://www.reuters.com/?edition-redirect=uk
  252. NBC News
    https://www.nbcnews.com/news/us-news/suspected-russian-hack-was-it-epic-cyber-attack-or-spy-n1251766
  253. Wired
    https://www.wired.com/story/russia-solarwinds-hack-wasnt-cyberwar-us-strategy/
  254. thedispatch.com
    https://thedispatch.com/p/self-delusion-on-the-russia-hack
  255. Just Security
    https://www.justsecurity.org/73946/russias-solarwinds-operation-and-international-law/
  256. Ars Technica
    https://arstechnica.com/information-technology/2020/12/only-an-elite-few-solarwinds-hack-victims-received-follow-on-attacks/
  257. BBC News
    https://www.bbc.com/news/world-us-canada-55358332
  258. The Guardian
    https://www.theguardian.com/commentisfree/2020/dec/23/cyber-attack-us-security-protocols
  259. The New York Times
    https://www.nytimes.com/2020/12/23/opinion/russia-united-states-hack.html
Image
Source:
Tip: Wheel or +/− to zoom, drag to pan, Esc to close.