US, UK Agencies Say Russian Intelligence Service Hackers Are Behind SolarWinds, Fortinet, VMware Attacks

US and UK security agencies jointly name Russian ‘Cozy Bear’ as one of the APT groups behind campaigns against SolarWinds and once more urge organizations to patch the five vulnerabilities exploited in these attacks.

Russian foreign intelligence service hackers caused quite a stir with their SolarWinds (SolarBurst) campaign, which has been called one of the most extensive attacks in cyberdefense history. They are also responsible for cyberespionage campaigns against Covid-19 research facilities and high-profile hacks of VMware devices, according to the United States and the United Kingdom.

In a joint advisory by the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI), the agencies describe the ongoing Russian Foreign Intelligence Service (SVR) exploitation of five publicly known vulnerabilities and give recommendations for mitigating the attacks.

The UK has likewise accused the Russian intelligence service of conducting the attacks.  

In these SolarWinds supply-chain attacks, Russian APTs gained access to the networks of tens of thousands of organizations around the world, including several US government agencies and the cybersecurity companies FireEye and Mimecast.

Now the US has officially attributed these attacks to Russian Foreign Intelligence Service (SVR) actors APT29, Cozy Bear, and The Dukes.

The five reported vulnerabilities are:

Many organizations have yet to apply the security patches available from the above companies and are therefore urged to do so as soon as possible:

“NSA, CISA, and FBI strongly encourage all cybersecurity stakeholders to check their networks for indicators of compromise related to all five vulnerabilities and the techniques detailed in the advisory and to urgently implement associated mitigations,” said the cybersecurity advisory.

About the author

CIM Team