An advanced hacking group believed to be working for the Russian government has compromised the internal network of a think tank in the U.S. three times. Cybersecurity company Volexity named the threat actor Dark Halo, a versatile adversary capable of quickly switching to different tactics and techniques to carry out long-term, stealthy operations. Dark Halo leveraged a newly disclosed vulnerability in Microsoft Exchange server that allowed them to bypass multi-factor authentication (MFA) defenses against unauthorized email access. In another incident, the actor used a trojanized update for the SolarWinds network and applications monitoring platform Orion that enabled the breach of cybersecurity company FireEye.
Source: https://www.bleepingcomputer.com/news/security/us-think-tank-breached-three-times-in-a-row-by-solarwinds-hackers/

