Microsoft discovered new attacks by the Nobelium hack group that is responsible for the high-profile SolarWinds hack last year, one of the victims was Microsoft customer support employee.

Let me remind you that the SolarWinds hack has become one of the largest attacks on the supply chain in history. In December 2020, it became known that unknown attackers had attacked the company and infected its Orion platform with malware. Of the 300,000 SolarWinds customers, only 33,000 were using Orion, and at the beginning of the year, it was reported that an infected version of the platform was installed on approximately 18,000 customers, according to official figures.

As a result of [...]

Last week, representatives of the Texas-based company SolarWinds, which in 2020 suffered from a massive attack on the supply chain, filed documents with the US Securities and Exchange Commission.

The statement said that based on new information that emerged during the investigation of the attack (in particular, the DNS traffic logs), it became clear that the incident affected not 18,000 clients, as previously thought, but only about 100.

Let me remind you that the SolarWinds hack has become one of the largest attacks on the supply chain in history. In December 2020, it became known that unknown attackers had attacked the company and infected its Orion platform with malware. Of [...]

The US government has officially accused Russia of attacking SolarWinds and its clients and has imposed sanctions on a number of Russian companies. Joe Biden’s administration claims that the Russian Foreign Intelligence Service and its “government hackers” known as APT 29, Cozy Bear or The Dukes were behind the attack.

According to the authorities, they “used the SolarWinds Orion platform and other IT infrastructures as part of a large-scale cyber-espionage campaign.”

“Compromise of the SolarWinds’ supply chain by Russian Foreign Intelligence Service has enabled them to spy on and potentially disrupt more than 16,000 computer systems [...]

A series of large-scale cyberattacks that pointed to dangerous vulnerabilities in US cybersecurity prompted government officials and cybersecurity professionals to use The Zero Trust Model as a way to stop attackers’ malicious campaigns.

Researcher John Kindervag, in his 2010 article, recommended that administrators of sensitive computer networks not trust anyone, regardless of the employee’s position.

“Once an attacker gets past the shell, he has access to all the resources in our network. We’ve built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To [...]

The hackers responsible for the attacks on Solarwinds gained access to Mimecast’s digital certificates, infiltrated the company’s internal network and stole the source codes of the product.

Back in mid-January 2021, representatives of Mimecast warned that an unknown hacker had one of its digital certificates. The attacker then abused it to gain access to some Microsoft 365 customer accounts.

The compromised certificate was used by several of the company’s products (Mimecast Sync and Recover, Continuity Monitor, and IEP) to connect to Microsoft’s infrastructure.

At the same time, it was reported that only 10% of customers used the above products [...]

This week, cybersecurity experts from Microsoft and FireEye published new reports and found three more malware that attacked SolarWinds and its customers.

Last year, it became known that SolarWinds, which develops software for enterprises to help manage their networks, systems and infrastructure, has been compromised. This attack on the supply chain has been attributed to a supposedly Russian-speaking hack group that cybersecurity experts track under the names StellarParticle (CrowdStrike), UNC2452 (FireEye) and Dark Halo (Volexity).

After infiltrating the SolarWinds network, the attackers provided Orion’s centralized monitoring and control platform with a malicious [...]

SolarWinds expenses due to cyber attack in its supply chain amounted to $3.5 million, including incident investigation and remediation costs. It will take the US government from a year to 18 months to fully recover from the SolarWinds hack.

SolarWinds noted additional expenditures after paying for legal, consulting and other professional services related to the December hack. However, according to company representatives, even higher costs are expected in the future.

“We expect an increase in expenses on insurance, finance, compliance with regulatory requirements, as well as compliance with tightening legal and regulatory requirements,” – the company [...]

Antivirus solution provider Emsisoft reported that its specialists became aware of a data leak from one of the test systems.

According to Emsisoft representatives, an unknown third party gained access to a database containing technical logs.

The problem was that the test system turned out to be incorrectly configured and accessible via the Internet, and with it was accessible the abovementioned database. This system was used to manage the log data generated by Emsisoft products and services.

“We used the system to evaluate and benchmark possible solutions relating to the storage and management of the log data generated by our products and services. Immediately after [...]

In January 2021, it became known that the information security company Malwarebytes was the victim of an attack by the same hackers that attacked SolarWinds. At the same time, it was emphasized that Malwarebytes did not use SolarWinds products at all, did not install the version of Orion infected with malware, and the cybercriminals used “another vector of invasion” to gain access to its internal emails.

Now Brandon Wales, acting head of the Department of Homeland Security’s Cybersecurity and Infrastructure Protection Agency (DHS CISA), said that overall, about a third of the companies attacked by these hackers were not directly related to [...]

As expected, the list of companies that have become victims of the SolarWinds attack continues to grow with new names. It turned out that the high-profile attack on the supply chain affected the companies Mimecast, Palo Alto Networks, Qualys and Fidelis Cybersecurity. [dropcap]L[/dropcap]et me remind you that the attack on SolarWinds is attributed to a supposedly Russian-speaking hack group, which information security experts track under the names StellarParticle (CrowdStrike), UNC2452 (FireEye), and Dark Halo (Volexity).

In December 2020, it became known that unknown hackers had attacked SolarWinds and infected its Orion platform with malware.

Of the 300,000 SolarWinds [...]