8/24/2023
Type to learn sunburst digital

The recent SolarWinds Orion hack is part of a cyber attack that is one of the most severe in history. A supply chain attack leveraged SolarWinds Orion updates to deliver a backdoor to potentially 18,000 SolarWinds customers.

The infected systems in the various compromised organizations were configured to probe the threat actor's systems to request instructions. Truesec Threat Intelligence analyzed the malware, as well as historical network data, to determine some of the affected organizations that the threat actor might have explicitly selected for further activities, where it is possible that further internal compromise took place.

These assumptions are based on historical network data (passive DNS) and the logic within the malware when handling certain responses. While this is likely only a small part of the scope of the attack, it provides an indication of the type of organizations that were potentially the real targets of the attack.

This post provides a list of internal names of organizations that had the SUNBURST backdoor installed, as well as which of these organizations show indications of having proceeded to the second stage of the attack, where further internal compromise might have taken place.

UPDATE 15:37 UTC: updated section on C2 infrastructure based on current findings
UPDATE 17:04 UTC: added link to Invoke-SunburstDecoder
UPDATE 22:48 UTC: added section: Disabling security services and avoiding detection
UPDATE 17:33 UTC: updated results table
UPDATE 13:00 UTC: clarified some of the statements about targeted organizations, as they are only assumptions.