SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security

In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the show ** US govt, FireEye breached after SolarWin…

CISA Alert: Sophisticated, Ongoing Cyberattacks Go Beyond SolarWinds

CISA warns government agencies & critical infrastructure providers about sophisticated APT cyberattacks that go beyond breaching the SolarWinds Orion platform.

Sunburst’s C2 Secrets Reveal Second-Stage SolarWinds Victims

Examining the backdoor’s DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign.

Microsoft Caught Up in SolarWinds Spy Effort, Joining Federal Agencies

The ongoing, growing campaign is “effectively an attack on the United States and its government and other critical institutions,” Microsoft warned.

Sunburst: connecting the dots in the DNS requests

We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs.

Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’

A key malicious domain name used to control potentially thousands of computer systems compromised via the months-long breach at network monitoring software vendor SolarWinds was commandeered by security experts and used as a “killswitch” designed to turn the sprawling cybercrime operation against itself, KrebsOnSecurity has learned.

Finding SUNBURST Backdoor with Zeek Logs & Corelight

John Gamble, Director of Product Marketing, Corelight

FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWinds’ Orion IT monitoring and management platform. The attack trojanizes Orion software updates to d…

SUNBURST: Russia Fingered in ‘Perfect 10’ Supply Chain Attack

Russian spies have been operating inside countless enterprises and government agencies, thanks to a hack of SolarWinds.