Search results
Apr 15, 2021 · The SVR actors have demonstrated sophisticated defense evasion skills. They hid their command and control (C2) communications with extensive obfuscation, hid their activity among legitimate user traffic, and established difficult-to-detect persistence mechanisms (e.g., in API).
- Executive Overview
- Who, What, When, Where
- Recommendations
- Future Actions
- Actions Taken by the MS- and EI-ISAC
- Available IOCs
On December 13, 2020, FireEye announced the discovery of a highly sophisticated cyber intrusion that leveraged a commercial software application made by SolarWinds. It was determined that the advanced persistent threat (APT) actors infiltrated the supply chain of SolarWinds, inserting a backdoor into the product. As customers downloaded the Trojan ...
Systems Affected
1. SolarWinds Orion Platform Version 2019.4 HF 5
2. SolarWinds Orion Platform Version 2020.2
3. SolarWinds Orion Platform Version 2020.2 HF 1
For CVE-2020-10148, SolarWinds Orion Platform versions 2019.2 HF 3, 2018.4 HF 3, and 2018.2 HF 6 are also affected. Security patches have been released for each of these versions specifically...
The Center for Internet Security understands that many organizations do not have full-time IT or cybersecurity staff, nor do they possess network monitoring tools or logging capabilities. As a result, we have provided tiered recommendations below that combine CIS guidance with that of the Federal Government; organizations can apply what is most app...
This sophisticated cyber-attack is yet another example of why organizations, regardless of size, must implement cyber hygiene best practices. CIS has a number of longer term operational and strategic recommendations. 1. Ensure cybersecurity is a conversation occurring at the highest levels of executive leadership. Cybersecurity is not an IT problem...
This incident is fluid and the MS- and EI-ISAC are working continuously to protect our SLTT members. Upon discovery of this attack, the MS- and EI-ISAC Security Operations Center (SOC), Threat Intelligence Team, Computer Emergency Response Team (CERT), and leadership assembled a cross-functional team working around the clock and collaborating with ...
Many IOCs have been made public. It is important to note that subdomains created by a domain generation algorithm (DGA) are likely unique to each victim organization and are not likely to appear in another victim’s environment. The following resources are currently hosting publicly-available IOCs: 1. CrowdStrike Malware Analysis of SUNSPOT implant ...
Mar 9, 2021 · The U.S. cybersecurity firm FireEye announced last December that an unidentified, highly sophisticated adversary—known as an advanced persistent threat (APT) actor—had compromised its network and...
Dec 19, 2020 · One of SolarWinds' customers who was breached in this attack is FireEye. As part of the attack, the threat actors gained access to the SolarWinds Orion build system and added a backdoor to the...
Jan 16, 2024 · In December of 2020, SolarWinds learned that they had fallen victim to hackers. Unknown actors had inserted malware called SUNBURST into a software update, potentially granting hackers access to thousands of its customers’ data, including government agencies across the globe and the US military.
Dec 15, 2020 · A group believed to be Russia's Cozy Bear gained access to government and other systems through a compromised update to SolarWinds' Orion software. Most organizations aren't prepared for this...
Dec 14, 2021 · Russian threat actors manipulated SolarWinds’ software build environment — injecting malicious code within a millisecond window of the build process. The changes were subtle and undetectable, leading SolarWinds to entirely rethink its build process.