Back in December, the SolarWinds attack made headlines when a Russian cyberespionage group tampered with updates for SolarWinds’ Orion Network Management products, which the IT company provides to government agencies, military, and intelligence offices. A report published by the Washington Post, citing unnamed sources, attributes the attacks to the Russia-linked APT29 cyberespionage group (aka Cozy Bear).
Top executives at SolarWinds believe that the root cause of the supply chain attack was an intern who used a weak password for several years. The initial investigation suggested that the password “solarwinds123” had been publicly accessible via a misconfigured GitHub repository since June 17, 2018. The issue was addressed on November 22, 2019.
Link: SolarWinds hack: the mystery of one of the biggest cyberattacks ever