Dubbed SilverFish by researchers at PRODAFT, the group is one of the many culprits behind the massive SolarWinds hack.
Swiss cybersecurity company Proactive Defense Against Future Threats (PRODAFT) reported that it has accessed servers tied to a hacking group with a possible connection to the infamous SolarWinds breach.
The hackers, as per PRODAFT’s analysis, have kept their campaign alive throughout this month. However, the company states that its researchers managed to break into the hackers’ computer infrastructure and discovered evidence of an extensive campaign active between August 2020 and March 2021.
During this time, the hackers targeted thousands of government organizations and companies across the United States and Europe.
Hackers Identified as SilverFish
The hacking group responsible for this massive data breach spree was dubbed SilverFish by PRODAFT researchers. The company revealed in its 51-page report [PDF] that this group aimed to carry out cyber-espionage and steal data from its victims.
According to PRODAFT, the group used many different methods to attack its victims, apart from exploiting the vulnerability in Texas-based firm SolarWinds’ software.
SilverFish is described as an APT group, which usually carries out such operations with state backing. Research reveals that the hackers’ operations indicate they are a state-sponsored group and their actions aren’t motivated by money.
PRODAFT also learned that the hackers were a very well-organized cyber-espionage group and worked in four teams, namely 301, 302, 303, and 304.
Fingerprint of an existing IOC matching another server instance (Source: Prodaft)
SilverFish Responsible for a Devastating Data Breach Campaign
According to researchers, SilverFish’s campaign was highly sophisticated, and the group was able to attack a minimum of 4,720 targets, including high-profile government institutions, US and EU-based banking institutions, global IT service providers, a leading COVID-19 test kit manufacturer, mainstream consulting/auditing firms, and military and aviation-related firms.
Swiss law enforcement authorities are currently in contact with PRODAFT, and so is the FBI.