Russian SVR Exploits SolarWinds and Other Vulnerabilities Against U.S. Networks

Russian SVR Exploits SolarWinds and Other Vulnerabilities Against U.S. Networks

First seen 24 May 2026, 23:30 UTC www.fbi.govwww.gao.gov 79% similarity 80.0

Article Content

Browse articles
ThreatCluster

The Russian Foreign Intelligence Service (SVR) has been exploiting multiple vulnerabilities, including the SolarWinds breach, to compromise U.S. and allied networks. The SolarWinds attack, which began in September 2019, involved the insertion of trojanized code into software updates, affecting nearly 18,000 customers, including federal agencies. The SVR has also targeted COVID-19 research facilities and exploited other vulnerabilities such as those in VMware products. The NSA, CISA, and FBI have issued advisories to mitigate these threats and encourage network defenders to check for indicators of compromise. The ongoing exploitation of these vulnerabilities poses a significant risk to national security and critical infrastructure.

Key Points: • The SolarWinds breach affected approximately 18,000 customers, including federal agencies. • SVR is exploiting multiple known vulnerabilities, including those in VMware products. • U.S. agencies have issued advisories urging immediate action to mitigate these threats.

ThreatCluster AI

Timeline

2019-09-01
SolarWinds cyberattack initiated
The Russian SVR began a campaign to breach SolarWinds' software, leading to widespread exploitation.
GAO
2020-02-01
Trojanized code injected into SolarWinds updates
The SVR injected malicious code into the Orion software updates, compromising customer systems.
GAO
2020-11-01
FireEye detects SolarWinds compromise
FireEye reported an intrusion into its systems, leading to the discovery of the SolarWinds breach.
GAO
2026-05-24
Joint Cybersecurity Advisory released
NSA, CISA, and FBI released an advisory detailing ongoing SVR exploitation of known vulnerabilities.
FBI

Community

Browse all →