The APT29 attackers who targeted SolarWinds were doing reconnaissance on the company's network as early as January 2019.
The disclosure of the SolarWinds attack by FireEye is encouraging for the development of a national data breach reporting law, government and private-sector experts say.
Researchers from RiskIQ have identified 18 additional C2 servers used by the APT29 attackers in their operation against SolarWinds and its customers.
CISA investigated an enterprise intrusion in which the attacker had legitimate credentials for the Pulse Secure VPN and then deployed the Supernova malware on a SolarWinds Orion instance.
The U.S. federal agency advisory on the active exploitation of five flaws comes in tandem with the U.S. government formally attributing the SolarWinds supply-chain attack to Russian Foreign Intelligence Service (SVR) actors.