Smarter Cyber Defence: Using Hierarchical Explainable AI to Detect

Abstract— This case study is on solarwinds cyber attack in order to see how supply chain attacks function and how AI can be used to detect them. APT29 also referred to as ”cozybear” is a cyber-espionage group attributed to russian government. This enabled attackers to reach U.S. government agency networks and international corporations without being detected for months. The case was examined through digital forensic tools, log analysis and AI based threat detection models. The attack remained unnoticed for months, but AI assisted in determining patterns of compromise. The research targets the technical tactics employed by the attack, such as malware injection, stealth lateral movement, and data exfiltration, while highlighting the significance of Artificial Intelligence (AI) and Machine Learning (ML) in threat identification and digital forensics. AI-powered tools were central to the detection of anomalies, log correlation, and identification Indicators of Compromise (IOCs) that conventional security products missed. Using in-depth forensic analysis and behavioral pattern recognition, this report shows how next-generation cybersecurity defenses — driven by AI and supported by investigative forensics — are crucial in discovering and blocking such advanced persistent threats. A supply chain attack is a form of cyberattack in which hackers target a trusted third-party supplier or vendor to infiltrate into a bigger firm’s network. This case demonstrates the essentiality of utilizing AI in cyber security in order to identify APTs. It also underscores the necessity of bolstering supply chain security and constant monitoring to avoid future similar occurrences.

Key words: APT29, cozybear , LiteAI-MD