A supply chain attack on SolarWinds's Orion software, widely used in government and industry, provided another avenue, if the victim used that software. A supply chain attack on Microsoft cloud services provided one way for the attackers to breach their victims, depending upon whether the victims had bought those services through a reseller.
firms: Microsoft, SolarWinds, and VMware.
The attackers exploited software or credentials from at least three U.S. The cyberattack that led to the breaches began no later than March 2020. In the following days, more departments and private organizations reported breaches. Treasury Department and the National Telecommunications and Information Administration (NTIA), part of the U.S. The attack, which had gone undetected for months, was first publicly reported on December 13, 2020, and was initially only known to have affected the U.S. government, the European Parliament, Microsoft and others. Affected organizations worldwide included NATO, the U.K. Within days of its discovery, at least 200 organizations around the world had been reported to be affected by the attack, and some of these may also have suffered data breaches. The cyberattack and data breach were reported to be among the worst cyber-espionage incidents ever suffered by the U.S., due to the sensitivity and high profile of the targets and the long duration (eight to nine months) in which the hackers had access. In 2020, a major cyberattack suspected to have been committed by a group backed by the Russian government penetrated thousands of organizations globally including multiple parts of the United States federal government, leading to a series of data breaches.
0 kommentar(er)
