{ "id": "f8870d70-5744-4875-acf6-73fa28bab90c", "created_at": "2026-04-06T01:29:41.838716Z", "updated_at": "2026-04-10T03:37:32.924055Z", "deleted_at": null, "sha1_hash": "e5ebb9850c0d83570fb3308b47074c7458a391bf", "title": "NASA and the FAA were also breached by the SolarWinds hackers", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 822843, "plain_text": "NASA and the FAA were also breached by the SolarWinds hackers\r\nBy Sergiu Gatlan\r\nPublished: 2021-02-24 · Archived: 2026-04-06 00:12:18 UTC\r\nNASA and the US Federal Aviation Administration (FAA) have also been compromised by the nation-state hackers behind\r\nthe SolarWinds supply-chain attack, according to a Washington Post report.\r\nThe two attacks are part of a broader espionage effort targeting and compromising multiple US government agencies over\r\nthe last year.\r\nNASA (short for National Aeronautics and Space Administration) is an independent U.S. federal agency coordinating its\r\ncivilian space program. The FAA is the US civil aviation and international waters regulator.\r\nhttps://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nNASA and FAA don't deny breach\r\nWhile the US government has not publicly disclosed that NASA and the FAA were breached, the agencies' identities were\r\nconfirmed by the Post with US officials after Anne Neuberger, White House’s deputy national security adviser, said that nine\r\nfederal agencies were breached in the SolarWinds hack campaign.\r\nA Transportation Department spokesperson said the agency is investigating the situation. A NASA spokeswoman added that\r\nthe federal agency is working with CISA on \"mitigation efforts to secure NASA’s data and network.\"\r\nThese two federal agencies are the last two to be identified after the hacks of seven others have already been acknowledged\r\nsince the espionage campaign was uncovered.\r\nThe threat actor behind these attacks is currently tracked as StellarParticle (CrowdStrike), UNC2452 (FireEye), SolarStorm\r\n(Palo Alto Unit 42), and Dark Halo (Volexity).\r\nWhile its identity is still anonymous, the FBI, CISA, ODNI, and the NSA issued a joint statement saying that it is likely a\r\nRussian-backed hacking group.\r\nMicrosoft shared a detailed timeline of the attacks\u0026 showing that the state hackers trojanized the company's Orion IT\r\nmonitoring platform in February 2020 and later deployed a backdoor using the software's update mechanism on\r\ncompromised networks in late-March.\r\nCompromised federal agencies\r\nThe list of the seven other US government agencies confirmed as having been hit in the SolarWinds supply-chain attack\r\nincludes:\r\nUS\u0026 Department of the Treasury\r\nUS\u0026 National Telecommunications and Information Administration (NTIA)\r\nUS\u0026 Department of State\r\nThe National Institutes of Health (NIH) (part of the US Department of Health)\r\nUS\u0026 Department of Homeland Security  (DHS)\r\nUS\u0026 Department of Energy (DOE)\r\nUS\u0026 National Nuclear Security Administration (NNSA)\r\nIn January, the Administrative Office of the US Courts disclosed an ongoing investigation following a potential compromise\r\nof the federal courts' case management and electronic case files system.\r\nLast week, Microsoft also revealed that the SolarWinds hackers accessed and downloaded source code for a limited number\r\nof Azure, Intune, and Exchange components.\r\nAccording to the Post's report, the Biden administration is also\u0026 planning to sanction Russia for the SolarWinds hacks and\r\npoisoning\u0026 opposition leader Alexei Navalny.\r\nhttps://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/\r\nhttps://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "Malpedia" ], "references": [ "https://www.bleepingcomputer.com/news/security/nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers/" ], "report_names": [ "nasa-and-the-faa-were-also-breached-by-the-solarwinds-hackers" ], "threat_actors": [ { "id": "b43e5ea9-d8c8-4efa-b5bf-f1efb37174ba", "created_at": "2022-10-25T16:07:24.36191Z", "updated_at": "2026-04-10T02:00:04.954902Z", "deleted_at": null, "main_name": "UNC2452", "aliases": [ "Dark Halo", "Nobelium", "SolarStorm", "StellarParticle", "UNC2452" ], "source_name": "ETDA:UNC2452", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "1d3f9dec-b033-48a5-8b1e-f67a29429e89", "created_at": "2022-10-25T15:50:23.739197Z", "updated_at": "2026-04-10T02:00:05.275809Z", "deleted_at": null, "main_name": "UNC2452", "aliases": [ "UNC2452", "NOBELIUM", "StellarParticle", "Dark Halo" ], "source_name": "MITRE:UNC2452", "tools": [ "Sibot", "Mimikatz", "Cobalt Strike", "AdFind", "GoldMax" ], "source_id": "MITRE", "reports": null }, { "id": "5b748f86-ac32-4715-be9f-6cf25ae48a4e", "created_at": "2024-06-04T02:03:07.956135Z", "updated_at": "2026-04-10T02:00:03.689959Z", "deleted_at": null, "main_name": "IRON HEMLOCK", "aliases": [ "APT29 ", "ATK7 ", "Blue Kitsune ", "Cozy Bear ", "The Dukes", "UNC2452 ", "YTTRIUM " ], "source_name": "Secureworks:IRON HEMLOCK", "tools": [ "CosmicDuke", "CozyCar", "CozyDuke", "DiefenDuke", "FatDuke", "HAMMERTOSS", "LiteDuke", "MiniDuke", "OnionDuke", "PolyglotDuke", "RegDuke", "RegDuke Loader", "SeaDuke", "Sliver" ], "source_id": "Secureworks", "reports": null }, { "id": "a241a1ca-2bc9-450b-a07b-aae747ee2710", "created_at": "2024-06-19T02:03:08.150052Z", "updated_at": "2026-04-10T02:00:03.737173Z", "deleted_at": null, "main_name": "IRON RITUAL", "aliases": [ "APT29", "Blue Dev 5 ", "BlueBravo ", "Cloaked Ursa ", "CozyLarch ", "Dark Halo ", "Midnight Blizzard ", "NOBELIUM ", "StellarParticle ", "UNC2452 " ], "source_name": "Secureworks:IRON RITUAL", "tools": [ "Brute Ratel C4", "Cobalt Strike", "EnvyScout", "GoldFinder", "GoldMax", "NativeZone", "RAINDROP", "SUNBURST", "Sibot", "TEARDROP", "VaporRage" ], "source_id": "Secureworks", "reports": null }, { "id": "70872c3a-e788-4b55-a7d6-b2df52001ad0", "created_at": "2023-01-06T13:46:39.18401Z", "updated_at": "2026-04-10T02:00:03.239111Z", "deleted_at": null, "main_name": "UNC2452", "aliases": [ "DarkHalo", "StellarParticle", "NOBELIUM", "Solar Phoenix", "Midnight Blizzard" ], "source_name": "MISPGALAXY:UNC2452", "tools": [ "SNOWYAMBER", "HALFRIG", "QUARTERRIG" ], "source_id": "MISPGALAXY", "reports": null }, { "id": "20d3a08a-3b97-4b2f-90b8-92a89089a57a", "created_at": "2022-10-25T15:50:23.548494Z", "updated_at": "2026-04-10T02:00:05.292748Z", "deleted_at": null, "main_name": "APT29", "aliases": [ "APT29", "IRON RITUAL", "IRON HEMLOCK", "NobleBaron", "Dark Halo", "NOBELIUM", "UNC2452", "YTTRIUM", "The Dukes", "Cozy Bear", "CozyDuke", "SolarStorm", "Blue Kitsune", "UNC3524", "Midnight Blizzard" ], "source_name": "MITRE:APT29", "tools": [ "PinchDuke", "ROADTools", "WellMail", "CozyCar", "Mimikatz", "Tasklist", "OnionDuke", "FatDuke", "POSHSPY", "EnvyScout", "SoreFang", "GeminiDuke", "reGeorg", "GoldMax", "FoggyWeb", "SDelete", "PolyglotDuke", "AADInternals", "MiniDuke", "SeaDuke", "Sibot", "RegDuke", "CloudDuke", "GoldFinder", "AdFind", "PsExec", "NativeZone", "Systeminfo", "ipconfig", "Impacket", "Cobalt Strike", "PowerDuke", "QUIETEXIT", "HAMMERTOSS", "BoomBox", "CosmicDuke", "WellMess", "VaporRage", "LiteDuke" ], "source_id": "MITRE", "reports": null }, { "id": "f27790ff-4ee0-40a5-9c84-2b523a9d3270", "created_at": "2022-10-25T16:07:23.341684Z", "updated_at": "2026-04-10T02:00:04.549917Z", "deleted_at": null, "main_name": "APT 29", "aliases": [ "APT 29", "ATK 7", "Blue Dev 5", "BlueBravo", "Cloaked Ursa", "CloudLook", "Cozy Bear", "Dark Halo", "Earth Koshchei", "G0016", "Grizzly Steppe", "Group 100", "ITG11", "Iron Hemlock", "Iron Ritual", "Midnight Blizzard", "Minidionis", "Nobelium", "NobleBaron", "Operation Ghost", "Operation Office monkeys", "Operation StellarParticle", "SilverFish", "Solar Phoenix", "SolarStorm", "StellarParticle", "TEMP.Monkeys", "The Dukes", "UNC2452", "UNC3524", "Yttrium" ], "source_name": "ETDA:APT 29", "tools": [ "7-Zip", "ATI-Agent", "AdFind", "Agentemis", "AtNow", "BEATDROP", "BotgenStudios", "CEELOADER", "Cloud Duke", "CloudDuke", "CloudLook", "Cobalt Strike", "CobaltStrike", "CosmicDuke", "Cozer", "CozyBear", "CozyCar", "CozyDuke", "Danfuan", "EnvyScout", "EuroAPT", "FatDuke", "FoggyWeb", "GeminiDuke", "Geppei", "GoldFinder", "GoldMax", "GraphDrop", "GraphicalNeutrino", "GraphicalProton", "HAMMERTOSS", "HammerDuke", "LOLBAS", "LOLBins", "LiteDuke", "Living off the Land", "MagicWeb", "Mimikatz", "MiniDionis", "MiniDuke", "NemesisGemina", "NetDuke", "OnionDuke", "POSHSPY", "PinchDuke", "PolyglotDuke", "PowerDuke", "QUIETEXIT", "ROOTSAW", "RegDuke", "Rubeus", "SNOWYAMBER", "SPICYBEAT", "SUNSHUTTLE", "SeaDaddy", "SeaDask", "SeaDesk", "SeaDuke", "Sharp-SMBExec", "SharpView", "Sibot", "Solorigate", "SoreFang", "TinyBaron", "WINELOADER", "WellMail", "WellMess", "cobeacon", "elf.wellmess", "reGeorg", "tDiscoverer" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775438981, "ts_updated_at": 1775792252, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/e5ebb9850c0d83570fb3308b47074c7458a391bf.pdf", "text": "https://archive.orkl.eu/e5ebb9850c0d83570fb3308b47074c7458a391bf.txt", "img": "https://archive.orkl.eu/e5ebb9850c0d83570fb3308b47074c7458a391bf.jpg" } }