HOME
Network
Vendors
Cybersecurity
- Advisory
- Guide
- Firewall
- Threat Database
- Vendors
IT
- Certifications
- Data center
Resources
Tags
About

AnalysisMan

Imagination + Faith = Creation

Sunday, December 13, 2020

CERT Advisory - SUNBURST / Solorigate (aka, SolarWinds Hacking)

US Agencies and FireEye were hacked using SolarWinds software backdoor.

▶ Related news articles

SEC filings: SolarWinds says 18,000 customers were impacted by recent hack (ZDNet)

Microsoft, FireEye confirm SolarWinds supply chain attack (ZDNet)

US Agencies and FireEye Were Hacked Using SolarWinds Software Backdoor (The Hacker News)

US govt, FireEye breached after SolarWinds supply-chain attack (Bleeping Computer)

Security Researcher Reveals Solarwinds' Update Server Was 'Secured' With The Password 'solarwinds123' (techdirt)

Microsoft’s Role In SolarWinds Breach Comes Under Scrutiny (CRN)

SolarWinds hackers breach US nuclear weapons agency (Bleeping Computer)

▶ CISA's advisory

Active Exploitation of SolarWinds Software

SolarWinds Security Advisory
FireEye Advisory: Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
FireEye GitHub page: Sunburst Countermeasures

CISA Publishes Eviction Guidance for Networks Affected by SolarWinds and AD/M365 Compromise

▶ Advisories / IOCs

▷ FireEye

The CVEs related to the Red Team tools
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community

Unauthorized Access of FireEye Red Team Tools

FireEye’s GitHub repository: Red Team Tool Countermeasures

IOCs

Solarwinds Supply Chain Attack (Security Onion)

▷ Microsoft

Microsoft: Solorigate supply chain attack diagram

Trojan:MSIL/Solorigate.B!dha

Behavior:Win32/Solorigate.C!dha

Customer Guidance on Recent Nation-State Cyber Attacks

▶ TTPs

Tactics, Techniques and Procedures (TTPs) Utilized by FireEye’s Red Team Tools (Picus Security)

It is Time to Take Action - How to Defend Against FireEye’s Red Team Tools (Picus Security)

Picus Lab's Github repository (security vendor signatures)

Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity)

New Evidence Suggests SolarWinds' Codebase Was Hacked to Inject Backdoor (The Hacker News)

▶ Analysis Report

Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop (Microsoft)

SUNBURST Additional Technical Details (FireEye)

CISA Malware Analysis Report (AR21-039A)

Posted by AnalysisMan's Blog at 10:00 PM

Email This BlogThis!Share to X Share to Facebook Share to Pinterest

Labels: CERT, Cybersecurity, FireEye, Hacking, SolarWinds

No comments:

Newer Post Older Post Home

About Network + Security

Search This Blog

Featured Post

Palo Alto firewall - Troubleshooting High DP CPU

Popular Posts

How to add and delete Static Routes on macOS (persistently)
Free Visio Stencils Download for Network Diagram
Extreme Switch - Reset to factory default when the password is unknown
Palo Alto firewall - Reset to Factory Default (3 cases)
Extreme Switch - Reset to factory default
Palo Alto firewall - How to configure the Management IP via CLI
Palo Alto firewall - How to clean up disk space

Tags

802 A10 ACL AD·LDAP ADC AI Amazon Ansible AntiVirus·AntiSpyware Apple Arista Automation Avaya AWS Azure BGP Blog Brocade CCIE CERT Certifications ChatGPT Cisco Citrix CLI Cloud Coding CPU Cybersecurity Datacenter DellEMC Design DHCP DNS Encryption ESET ESXi EVE-NG EXOS Extreme Fabric FireEye Firewall Fortinet Free GCP GlobalProtect GNS3 Google HA Habit Hacking HPE IDS·IPS IPsec ISP IT Juniper Linux macOS Malware Microsoft MLAG NAC Network NPM Nutanix Nvidia Obsidian OPNsense OSPF PacketAnalysis PaloAltoNetworks Panorama Protocol Python Routing Science SD-WAN SecondBrain SLB SLX-OS SolarWinds SSH SSL·TLS Stacking STP Switching TAC TCP/IP Threat Tools Training Troubleshooting Upgrades Vendors VLAN VMware VOSS VPN VRRP Vulnerability VXLAN Windows Wireless Wireshark XIQ Zettelkasten ZTNA

Tweets by Elca Ryu

Blog Archive

Home

Copyright © 2024 AnalysisMan - All Rights Reserved.