Solarigate – WindowsTechs.com

Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example

Posted on December 22, 2020 by Ben Reardon

Ben Reardon – Corelight Labs Researcher The threat actors who created SUNBURST went to extraordinary lengths to hide Command-and-Control (C2) traffic by mimicking the nature of communication patterns used by legitimate software within the SolarWinds pa… Continue reading Detecting SUNBURST/Solarigate activity in retrospect with Zeek – a practical example→

Finding SUNBURST Backdoor with Zeek Logs & Corelight

Posted on December 15, 2020 by John Gamble

John Gamble, Director of Product Marketing, Corelight FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWind’s Orion IT monitoring and management platform. The attack trojanizes Orion software updates to d… Continue reading Finding SUNBURST Backdoor with Zeek Logs & Corelight→