Solorigate
How the SolarWinds Hack (almost) went Undetected
My lightning talk from the SEC-T 0x0D conference has now been published on YouTube. This 13 minute talk covers tactics and techniques that the SolarWinds hackers used in order to avoid being ...
Reasons Why the Security Industry is Protecting the Wrong Thing
Article by Paul German, CEO, Certes Networks Why is it that the security industry talks about network security, but data breaches? It’s clear that something needs to change, and according to Paul German, CEO, ...
Cyber Security Roundup for March 2021
A roundup of UK focused Cyber and Information Security News, Blog Posts, Reports and general Threat Intelligence from the previous calendar month, February 2021.Serious Linux VulnerabilityLast month a newly discovered critical vulnerability in ...
SolarWinds Hack: ‘All is Well,’ Microsoft Shrugs
Microsoft would like you to know that it’s finished investigating the SolarWinds breach, and everything’s just fine. Yeah, right ...
Targeting Process for the SolarWinds Backdoor
The SolarWinds Orion backdoor, known as SUNBURST or Solorigate, has been analyzed by numerous experts from Microsoft, FireEye and several anti-virus vendors. However, we have noticed that many of the published reports ...
Twenty-three SUNBURST Targets Identified
Remember when Igor Kuznetsov and Costin Raiu announced that two of the victims in FireEye's SUNBURST IOC list were ***net.***.com and central.***.gov on Kaspersky's Securelist blog in December? Reuters later reported that ...
Finding Targeted SUNBURST Victims with pDNS
Our SunburstDomainDecoder tool can now be used to identify SUNBURST victims that have been explicitly targeted by the attackers. The only input needed is passive DNS (pDNS) data for avsvmcloud.com subdomains. Companies ...
Extracting Security Products from SUNBURST DNS Beacons
The latest version of our SunburstDomainDecoder (v1.7) can be used to reveal which endpoint protection applications that are installed on trojanized SolarWinds Orion deployments. The security application info is extracted from DNS ...
Solorigate: SolarWinds Orion Compromise Overview
On 13th December 2020, it came to light SolarWinds IT systems were compromised by hackers between March 2020 and June 2020. SolarWinds provides software to help organisations manage their IT networking infrastructure ...
Reassembling Victim Domain Fragments from SUNBURST DNS
We are releasing a free tool called SunburstDomainDecoder today, which is created in order to help CERT organizations identify victims of the trojanized SolarWinds software update, known as SUNBURST or Solorigate. SunburstDomainDecoder ...
