{
	"id": "6489b30d-1f51-42bb-be2d-0e7b679e0d16",
	"created_at": "2026-04-06T01:30:58.319487Z",
	"updated_at": "2026-04-10T03:23:38.744344Z",
	"deleted_at": null,
	"sha1_hash": "3b438789345faef88dd707b07ff7aff6f837118c",
	"title": "UK and US call out Russia for SolarWinds compromise",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 31531,
	"plain_text": "UK and US call out Russia for SolarWinds compromise\r\nPublished: 2021-04-15 · Archived: 2026-04-06 01:00:55 UTC\r\nThe UK and US have today (15th April) revealed for the first time that Russia’s Foreign Intelligence Service\r\n(SVR) was behind a series of cyber intrusions, including the SolarWinds compromise.\r\nThe National Cyber Security Centre (NCSC), a part of GCHQ, assesses that it is highly likely the SVR was\r\nresponsible for gaining unauthorised access to SolarWinds Orion software and subsequent targeting.\r\nThe US National Security Agency (NSA), Department of Homeland Security’s Cybersecurity Infrastructure\r\nSecurity Agency (CISA) and the FBI have published a technical advisory with mitigation advice. Read the\r\nguidance in full.\r\nThe NCSC has previously published guidance for organisations on this compromise:\r\nDealing with the SolarWinds Orion compromise\r\nIdentifying suspicious credential usage\r\nYou can read the Foreign Secretary’s statement on this action in full on GOV.UK.\r\nIn addition, the UK government is today making available further information about the SVR’s cyber programme,\r\nalso on GOV.UK.\r\nSource: https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise\r\nhttps://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise\r\nPage 1 of 1",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://www.ncsc.gov.uk/news/uk-and-us-call-out-russia-for-solarwinds-compromise"
	],
	"report_names": [
		"uk-and-us-call-out-russia-for-solarwinds-compromise"
	],
	"threat_actors": [
		{
			"id": "5d2bd376-fcdc-4c6a-bc2c-17ebbb5b81a4",
			"created_at": "2022-10-25T16:07:23.667223Z",
			"updated_at": "2026-04-10T02:00:04.705778Z",
			"deleted_at": null,
			"main_name": "GCHQ",
			"aliases": [
				"Government Communications Headquarters",
				"Operation Socialist"
			],
			"source_name": "ETDA:GCHQ",
			"tools": [
				"Prax",
				"Regin",
				"WarriorPride"
			],
			"source_id": "ETDA",
			"reports": null
		}
	],
	"ts_created_at": 1775439058,
	"ts_updated_at": 1775791418,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/3b438789345faef88dd707b07ff7aff6f837118c.pdf",
		"text": "https://archive.orkl.eu/3b438789345faef88dd707b07ff7aff6f837118c.txt",
		"img": "https://archive.orkl.eu/3b438789345faef88dd707b07ff7aff6f837118c.jpg"
	}
}