SolarWinds Backdoor State Diagram

Targeting Process for the SolarWinds Backdoor

The SolarWinds Orion backdoor, known as SUNBURST or Solorigate, has been analyzed by numerous experts from Microsoft, FireEye and several anti-virus vendors. However, we have noticed that many of the published reports ...
23 SUNBURST Targets Identified

Twenty-three SUNBURST Targets Identified

Remember when Igor Kuznetsov and Costin Raiu announced that two of the victims in FireEye's SUNBURST IOC list were ***net.***.com and central.***.gov on Kaspersky's Securelist blog in December? Reuters later reported that ...
SolarWinds: What Hit Us Could Hit Others

New research into the malware that set the stage for the megabreach at IT vendor SolarWinds shows the perpetrators spent months inside the company's software development labs honing their attack before inserting ...
Cyber Security Roundup for January 2021

A roundup of UK-focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, December 2020. A suspected nation-state sophisticated cyber-attack of SolarWinds which led ...
SUNBURST Security Applications Chart

Extracting Security Products from SUNBURST DNS Beacons

The latest version of our SunburstDomainDecoder (v1.7) can be used to reveal which endpoint protection applications are installed on trojanized SolarWinds Orion deployments. The security application info is extracted from DNS ...
Automated Playbook with IPS/AV/AntiBot + Siemplify SOAR to Solarwinds' Sunburst attack

Using SOAR Technology to Orchestrate Detection and Response to the SolarWinds Sunburst Attack 

Cybersecurity vendor FireEye recently disclosed a sophisticated attack which led to the “unauthorized access of their red team tools.” A...
SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security

In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the ...
Solorigate: SolarWinds Orion Compromise Overview

On 13th December 2020, it came to light SolarWinds IT systems were compromised by hackers between March 2020 and June 2020. SolarWinds provides software to help organisations manage their IT networking infrastructure ...
FireEye Hack Turns into a Global Supply Chain Attack

The FireEye hack turned into a global supply chain attack affecting thousands of SolarWinds customers around the world.
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as ...