UNC2452 attacks traced back to Russian espionage group

Mandiant has gathered sufficient evidence to assess that the activity tracked as UNC2452, the group name used to track the SolarWinds compromise in December 2020, is attributable to APT29.

This conclusion matches attribution statements previously made by the U.S. Government that the SolarWinds supply chain compromise was conducted by APT29, a Russia-based espionage group assessed to be sponsored by the Russian Foreign Intelligence Service (SVR).

The evaluation is based on firsthand data gathered by Mandiant and is the result of an extensive comparison and review of UNC2452 and its detailed knowledge of APT29.

The company reports: “The merge of UNC2452 into APT29 significantly expands our knowledge of APT29 and showcases an evolving, disciplined, and highly skilled threat actor that operates with a heightened level of operational security (OPSEC) for the purposes of intelligence collection. This blog post builds on our efforts to share information and provide awareness related to APT29’s developments.”

Read the full report on Mandiant’s website here: https://www.mandiant.com/resources/unc2452-merged-into-apt29