Malwarebytes targeted by cyberattack group
You don’t have to work in cybersecurity to be aware of the recent discovery that a sophisticated state actor had potentially compromised tens of thousands of private companies and government institutions in the Americas, Europe, and the Middle East. The means was a software supply-chain attack: attackers breached the software build and distribution infrastructure of tech vendor SolarWinds and embedded a backdoor in its popular Orion network management tool. When customers installed the latest Orion product update, the backdoor gave the attackers a foothold inside their networks; in a subset of cases the attackers then moved laterally, located sensitive data, and forwarded it to external servers under their control.
The attack used many ingenious techniques to evade detection by its victims’ IT operations monitoring tools and cybersecurity countermeasures, disguising its malicious tools, utilities, and network activity as legitimate processes and traffic. The sophistication, the long arc of the attack (believed to have begun in October 2019 and only discovered, with a bit of luck, in December 2020), and the skills, commitment to success, and funding needed to carry it out classify it as an Advanced Persistent Threat (APT) attack of the kind generally carried out only by hostile national intelligence