SAN FRANCISCO, Dec 17 (Reuters) - The massive hacking campaign disclosed by U.S. officials this week and tentatively attributed to the Russian government extended beyond users of pervasive network software that had been compromised.
The Department of Homeland Security said in a bulletin on Thursday that the spies had used other techniques besides corrupting updates of network management software by SolarWinds , which is used by hundreds of thousands of companies and government agencies.
“The SolarWinds Orion supply chain compromise is not the only initial infection vector this APT actor leveraged,” said DHS’s Cybersecurity and Infrastructure Security Agency, referring to “advanced persistent threat” adversaries.
CISA urged investigators not to assume their organizations were safe if they did not use recent versions of the software, while also pointing out that the hackers did not exploit every network they did gain access too.
Reporting by Joseph Menn; Editing by Lisa Shumaker