On Dec 13, 2020, SolarWinds confirmed a cyber incident affecting its Orion platform, a widely deployed network management and IT operations product used by Fortune 500 companies, US Government agencies, and critical SMB firms. Updates to the SolarWinds Orion application were trojanized during the period between March and June 2020.
The attack is a supply-chain attack: the adversary leveraged the software's own update mechanism to deliver malicious code to customers. At the time of writing, the SolarWinds compromise has been linked to numerous businesses, the US Treasury Department, and the breach of FireEye.
It is unclear which customers were specifically targeted, but the malicious code was distributed to at least 18,000 organizations using the SolarWinds Orion platform.
This advisory by SISA helps you with details about the following:
- SolarWinds event
- Sunburst malware
- Attack patterns
- Indicators of Compromise (IoCs)
- Best practices to prevent such attacks in the future
The editorial team at SISA Information Security hopes that, by leveraging this advisory, organizations will be armed with the awareness and knowledge necessary to protect their environments from malware such as Sunburst.