Five days after FireEye detailed the theft of about 300 of its proprietary cybersecurity tools, SolarWinds announced that its Orion IT monitoring platform had also been compromised by hackers believed to be sponsored by the Russian government.

Together, the attack that originated with a SolarWinds vulnerability turned over critical cybersecurity infrastructure to the malicious actors, along with potential access to thousands of global entities’ sensitive information.

As the cybersecurity world wraps its head around how two top vendors were breached, we examine the organizations involved, the details of the attack, and the implications for the industry and its customers.

The U.S. National Security Agency warned that federal agencies were actively being exploited by “Russian state-sponsored actors.” A week later, FireEye’s prized Red Team hacking tools were stolen by a presumed Russian actor. And now we’ve learned that SolarWinds’ Orion platform has been available to intruders since March.

On December 8, FireEye informed the public that “a nation with top-tier offensive capabilities” had infiltrated FireEye’s network and gained access to the company’s suite of Red Team hacking tools. By analyzing these tools, actors can replicate the same software FireEye uses to test its own clients’ computer defenses. In light of the news, FireEye has published a detailed analysis of the attack and the steps potentially affected organizations should take. While FireEye is still in its investigation phase, the hack was identified as an advanced persistent threat (APT) or nation-state attack, with analysts pointing to Russia. FireEye’s targeting might not come as a surprise to some, as the company has actively exposed Russian cyberintelligence operations for years.

SolarWinds news breaks

On December 13, FireEye released a report on the SolarWinds attack, dubbed SUNBURST. Through updates to SolarWinds’ Orion IT monitoring and management software starting in March, highly skilled actors have potentially gained access to thousands of organizations globally. Victims include government, consulting, technology, and telecom organizations in North America, Europe, Asia, and the Middle East. News that the U.S. Treasury and Commerce departments were victims of the hack led to some panic and to ordered shutdowns of the Orion IT software at government agencies. SolarWinds notified its customers of the need for immediate action and listed the affected software builds.

Nature of the attacks

As details emerge, it’s clear that the SolarWinds attack was initiated in March 2020 and went undetected for almost 9 months. As it’s been some time since the intrusion, the highly skilled actors were, by all means, successful in minimizing their presence. Seamless attacks like the plug-in discovered in the Orion platform can maximize an adversary’s access to, and insight into, critical tools and information.

In an SEC filing earlier this week, SolarWinds noted that about 18,000 customers installed the compromised March update. Of the company’s total customer base, that means 6% of SolarWinds’ users have been vulnerable for a large chunk of 2020. To emphasize the range of entities impacted by the SolarWinds attack, U.S. government agencies attacked include the Federal Reserve, the Department of Justice, the State Department, the Department of Homeland Security, the National Institutes of Health, the CDC, the NSA and NASA, along with the U.S. Treasury and Commerce departments. Just a few of the affected companies include Microsoft, Visa, AT&T, Lockheed Martin, Ernst & Young, Yahoo!, and the New York Times.

SUNBURST backdoor

Within the SolarWinds Orion platform, a digitally signed component that communicates via HTTP to third-party servers was the root of the malicious plug-in FireEye dubbed SUNBURST. By compromising SolarWinds’ build servers, the hackers could inject a backdoor into code that went out to thousands of customers. After an initial dormant period, the malware retrieves and executes commands that can transfer and execute files, profile the system, reboot the machine, and disable system services. SUNBURST’s network traffic is hidden as Orion Improvement Program (OIP) protocol traffic, and inspection results appear seamlessly in the SolarWinds plug-in configuration files.

Also read: eSecurity Planet warned about the vulnerability of the software supply chain in a 2017 article.