Russian state-sponsored hacking group breached US think tank three time in a row

A recent attack via trojanized update for SolarWinds network was not the first successful attempt on compromising U.S. internal network made by an unknown believed-to-be Russian state-sponsored hacking group. Previous attacks happened between late 2019 and July 2020. The threat actor used in the attacks was named Dark Halo, and it was capable of using a big variety of tactics and switching between them on the fly, using multiple tools, backdoors and malware implants, allowing attackers to be undetected for years. The recent attack involving SolarWinds has shown a big technical overlap with the previous breaches, enabling the researchers to attribute the Dark Halo intrusions to the same threat actor, that compromised SolarWinds. Read more...