03-19-2021 07:12 AM in Others
On Thursday, Swiss cybersecurity firm Prodaft said that SilverFish (.PDF), an "extremely skilled" threat group, has been responsible for intrusions at over 4,720 private and government organizations including "Fortune 500 companies, ministries, airlines, defense contractors, audit and consultancy companies, and automotive manufacturers."
Attacks are geared toward US and European entities and there is a specific focus on critical infrastructure and targets with a market value of over $100 million.
SilverFish has been connected to the recent SolarWinds breach as "one of many" threat groups taking advantage of the situation, in which malicious SolarWinds Orion updates were pushed to customers, leading to the compromise of thousands of corporate networks.
In December, following the disclosure of the SolarWinds breach, Prodaft received an analysis request from a client and created a fingerprint based on public Indicators of Compromise (IoCs) released by FireEye.
After running IPv4 scans, the team found new detections within 12 hours and then began combing the web for command-and-control servers (C2s) used in the operation while refining fingerprint records. Prodaft says that after obtaining entry to the management C2 control panel, the company was able to verify links to existing SolarWinds security incidents and known victims by way of IP, username, command execution, country, and timestamp records.
Victims verified by the company include a US military contractor, a top COVID-19 testing kit manufacturer, aerospace and automotive giants, multiple police networks, European airport systems, and "dozens" of banking institutions in the US and Europe.
