Orion supply chain attack

URI: https://gptkb.org/entity/Orion_supply_chain_attack

GPTKB entity

Predicate	Object
gptkbp:instanceOf	cybercrime
gptkbp:alsoKnownAs	gptkb:SolarWinds_hack
gptkbp:category	cybercrime supply chain attack
gptkbp:discoveredIn	2020
gptkbp:duration	March 2020 to December 2020
gptkbp:estimatedAffectedCustomers	18000
https://www.w3.org/2000/01/rdf-schema#label	Orion supply chain attack
gptkbp:impact	espionage data breach
gptkbp:method	insertion of malicious code into software updates
gptkbp:notableCompany	private companies US government agencies
gptkbp:notableVictim	gptkb:US_Treasury_Department gptkb:Microsoft gptkb:FireEye gptkb:US_Department_of_Homeland_Security gptkb:US_Department_of_Commerce
gptkbp:perpetrator	gptkb:Cozy_Bear gptkb:Russian_Foreign_Intelligence_Service
gptkbp:response	removal of compromised software US government sanctions against Russia
gptkbp:revealedTo	gptkb:Microsoft gptkb:FireEye
gptkbp:software	gptkb:SolarWinds_Orion
gptkbp:usesMalware	gptkb:TEARDROP gptkb:SUNBURST
gptkbp:vectorFor	supply chain compromise
gptkbp:vulnerableTo	gptkb:CVE-2020-10148
gptkbp:bfsParent	gptkb:SolarWinds
gptkbp:bfsLayer	6