As reported by Bloomberg this morning:
In one of the most audacious hacks in recent memory, U.S. government agencies were attacked as part of a global campaign that exploited a flaw in the software updates of a U.S. company. The hackers are suspected to be part of a notorious hacking group tied to the Russian government, according to the Washington Post...FireEye described a highly sophisticated attack that exploited updates in widely used software from Austin, Texas-based SolarWinds Corp., which sells technology products to a Who’s Who list of of sensitive targets. These include the State Department, the Centers for Disease Control and Prevention, the Naval Information Warfare Systems Command, the FBI, all five branches of the U.S. military, and 425 corporations out of the Fortune 500, according to the company’s website and government data...All federal civilian agencies were ordered by the U.S. Cybersecurity and Infrastructure Security Agency to review their networks and disconnect or power down SolarWinds’s Orion software products immediately... According to FireEye, the hackers hit organizations across the globe -- in North America, Europe, Asia and in the Middle East -- and in multiple sectors including government, technology, consulting, telecommunications, as well as oil and gas...All this suggests that as the U.S. government was focused over the last several months on detecting and countering possible Russian interference in the U.S. presidential election -- an effort that was largely viewed as successful -- suspected Russian hackers were quietly working their way into the computer networks of American government agencies and sensitive corporate victims undetected...The Washington Post reported that the Russian hacking group known as Cozy Bear, or APT 29, was behind the campaign. That is the same hacking group that was behind the cyber-attacks on the Democratic National Committee going back to 2015. It was also accused by U.S. and U.K. authorities in July of infiltrating organizations involved in developing a Covid-19 vaccine.
Sounds like Mr. Robot in real life.