Did Someone at the Commerce Dept. Find a SolarWinds Backdoor in Aug. 2020?

On Aug. 13, 2020, someone uploaded a suspected malicious file to VirusTotal, a service that scans submitted files against more than five dozen antivirus and security products. Last month, Microsoft and FireEye identified that file as a newly discovered fourth malware backdoor used in the sprawling SolarWinds supply chain hack. An analysis of the malicious file and other submissions by the same VirusTotal user suggests the account that initially flagged the backdoor as suspicious belongs to IT personnel at the National Telecommunications and Information Administration (NTIA), a division of the U.S. Commerce Department that handles telecommunications and Internet policy.


#Solorigate : SUPERNOVA forensics using Code Property Graph

The fallout of SolarWinds compromise has resulted in a bevy of new malware families, each with different characteristics and behaviors.
SolarWinds advisory : https://www.solarwinds.com/securit…

A Month of Reckoning for SaaS software creators and consumers

An illustration of transitive and deeply connected software supply chains
The U.S. was caught off guard by foreign interference in the 2016 election. Given the powerful role of social media in political contests, understanding the Russian efforts was c…

SolarWinds SUNBURST backdoor investigation using ShiftLeft’s Code Property Graph

If you’ve arrived at this post, I’d suggest reading Part 1 and Part 2 first to gain context.
FireEye released additional details here (on December 24th, 2020) that are well worth reading.
With the increase of complexity in software and the availability of…