What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2021-01-29 15:40:00 | A Fifth of Sunburst Backdoor Victims from Manufacturing Industry (lien direct) | 18% of all victims of the Sunburst backdoor are manufacturing organizations | Solardwinds Solardwinds | ||
 |
2021-01-29 06:12:00 | Manufacturing particularly at risk of Solorigate-linked breaches (lien direct) | Pas de details / No more details | Solardwinds | ||
 |
2021-01-27 13:06:01 | Hundreds of Industrial Organizations Received Sunburst Malware in SolarWinds Attack (lien direct) | Hundreds of industrial organizations have apparently received a piece of malware named Sunburst as part of the supply chain attack that hit IT management and monitoring firm SolarWinds last year, Kaspersky's ICS CERT unit reported on Tuesday. | Malware | Solardwinds Solardwinds | |
 |
2021-01-21 15:28:30 | How did SolarWind Hackers evade Detection? (lien direct) | A report from the Microsoft 365 Defender Team, Microsoft Threat Intelligence Center (MSTIC), and Microsoft Cyber Defence Operations Center (CDOC) details how the SolarWinds hackers managed to remain undetected for so long. The report discloses new details including the steps and tools used to deploy the custom Cobalt Strike loaders (Teardrop, Raindrop, etc.) after the […] | Threat | Solardwinds | |
 |
2021-01-21 14:08:16 | SolarWinds Attacks Highlight Importance of Operation-Centric Approach (lien direct) |
We're still learning the full extent of the SolarWinds supply chain attacks. On January 11, for instance, researchers published a technical breakdown of a malicious tool detected as SUNSPOT that was employed as part of the infection chain involving the IT management software provider's Orion platform. |
Tool | Solardwinds Solardwinds | |
 |
2021-01-21 12:01:36 | SolarWinds Attack: Microsoft sheds lights into Solorigate second-stage activation (lien direct) | Microsoft’s report provides details of the entire SolarWinds attack chain with a deep dive in the second-stage activation of malware and tools. Microsoft published a new report that includes additional details of the SolarWinds supply chain attack. The new analysis shad lights on the handover from the Solorigate DLL backdoor to the Cobalt Strike loader. […] | Malware | Solardwinds Solardwinds | |
 |
2021-01-20 11:33:16 | Expert Comment On New Malware Strain Found In SolarWinds Hack (lien direct) | Please see below for comment from cybersecurity experts on the new strain of malware, Raindrop found in relation to SolarWinds: Please see below for comment from cybersecurity experts on the… The ISBuzz Post: This Post Expert Comment On New Malware Strain Found In SolarWinds Hack | Malware Hack | Solardwinds | |
|
2021-01-19 22:31:27 | Raindrop, a fourth malware employed in SolarWinds attacks (lien direct) | The threat actors behind the SolarWinds attack used malware dubbed Raindrop for lateral movement and deploying additional payloads. Security experts from Symantec revealed that threat actors behind the SolarWinds supply chain attack leveraged a malware named Raindrop for lateral movement and deploying additional payloads. Raindrop is the fourth malware that was discovered investigating the SolarWinds […] | Malware Threat | Solardwinds | |
 |
2021-01-19 16:40:55 | SolarWinds Malware Arsenal Widens with Raindrop (lien direct) | The post-compromise backdoor installs Cobalt Strike to help attackers more laterally through victim networks. | Malware | Solardwinds | ★★★ |
 |
2021-01-19 14:09:38 | SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader (lien direct) | The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network. [...] | Tool | Solardwinds | |
|
2021-01-19 13:09:32 | SolarWinds Hackers Used \'Raindrop\' Malware for Lateral Movement (lien direct) | The threat group behind the supply chain attack that targeted Texas-based IT management company SolarWinds leveraged a piece of malware named Raindrop for lateral movement and deploying additional payloads, Broadcom-owned cybersecurity firm Symantec reported on Tuesday. | Malware Threat | Solardwinds | |
 |
2021-01-19 12:16:36 | Injecting a Backdoor into SolarWinds Orion (lien direct) | Crowdstrike is reporting on a sophisticated piece of malware that was able to inject malware into the SolarWinds build process: Key Points SUNSPOT is StellarParticle’s malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code. Several safeguards were added to SUNSPOT to avoid the Orion builds from failing, potentially alerting developers to the adversary’s presence... | Malware | Solardwinds Solardwinds | |
 |
2021-01-19 12:00:05 | Fourth malware strain discovered in SolarWinds incident (lien direct) | Symantec said it identified Raindrop, the fourth malware strain used in the SolarWinds breach, after Sunspot, Sunburst, and Teardrop. | Malware | Solardwinds | |
 |
2021-01-19 07:04:55 | Researchers Discover Raindrop - 4th Malware Linked to the SolarWinds Attack (lien direct) | Cybersecurity researchers have unearthed a fourth new malware strain-designed to spread the malware onto other computers in victims' networks-which was deployed as part of the SolarWinds supply chain attack disclosed late last year.
Dubbed "Raindrop" by Broadcom-owned Symantec, the malware joins the likes of other malicious implants such as Sunspot, Sunburst (or Solorigate), and Teardrop that |
Malware Mobile | Solardwinds Solardwinds | |
 |
2021-01-14 09:00:10 | Cisco Secure Workload Immediate Actions in Response to “SUNBURST” Trojan and Backdoor (lien direct) | Cisco Secure Workload can directly support both initial steps to assist in the identification of compromised assets and the application of network restrictions to control network traffic through central automation of distributed firewalls at the workload level. | Solardwinds | ||
|
2021-01-12 12:32:07 | Potential Link between SolarWinds and Turla APT (lien direct) | Researchers at Kaspersky have recently discovered considerable similarities between the Sunburst and Kazuar backdoors. The similarities potentially link the Sunburst backdoors, used in the SolarWinds supply-chain attack, to a previously known Turla weapon. Kazuar, a malware written using the .NET framework, was first reported in 2017. These have been used in unison throughout various breaches […] | Malware Mobile | Solardwinds Solardwinds | |
|
2021-01-12 12:04:51 | \'Sunspot\' Malware Used to Insert Backdoor Into SolarWinds Product in Supply Chain Attack (lien direct) | CrowdStrike, one of the cybersecurity companies called in by IT management firm SolarWinds to investigate the recently disclosed supply chain attack, on Monday shared details about a piece of malware used by the attackers to insert a backdoor into SolarWinds' Orion product. | Malware | Solardwinds | ★★★ |
|
2021-01-12 11:41:20 | Sunspot, the third malware involved in the SolarWinds supply chain attack (lien direct) | Cybersecurity firm CrowdStrike announced to have discovered a third malware strain, named Sunspot, directly involved in the SolarWinds supply chain attack. According to a new report published by the cybersecurity firm Crowdstrike, a third malware, dubbed SUNSPOT, was involved in the recently disclose SolarWinds supply chain attack. SUNSPOT was discovered after the Sunburst/Solorigate backdoor and […] | Malware | Solardwinds | |
|
2021-01-12 11:25:00 | Third Malware Strain Discovered as Part of SolarWinds Attack (lien direct) | Sunspot used to inject Sunburst into Orion platform, says CrowdStrike | Malware Mobile | Solardwinds Solardwinds | |
|
2021-01-12 08:33:19 | New Sunspot malware found while investigating SolarWinds hack (lien direct) | Cybersecurity firm CrowdStrike has discovered the malware used by the SolarWinds hackers to inject backdoors in Orion platform builds during the supply-chain attack that led to the compromise of several companies and government agencies. [...] | Malware Hack | Solardwinds | |
|
2021-01-11 22:29:57 | Unveiled: SUNSPOT Malware Was Used to Inject SolarWinds Backdoor (lien direct) | As the investigation into the SolarWinds supply-chain attack continues, cybersecurity researchers have disclosed a third malware strain that was deployed into the build environment to inject the backdoor into the company's Orion network monitoring platform.
Called "Sunspot," the malignant tool adds to a growing list of previously disclosed malicious software such as Sunburst and Teardrop.
"This |
Malware Tool Mobile | Solardwinds Solardwinds | |
|
2021-01-11 21:37:06 | Connecting the dots between SolarWinds and Russia-linked Turla APT (lien direct) | Experts have found some similarities between the Sunburst backdoor used in the SolarWinds supply chain attack and Turla’s backdoor Kazuar. Security experts from Kaspersky have identified multiple similarities between the Sunburst malware used in the SolarWinds supply chain attack and the Kazuar backdoor that has been employed in cyber espionage campaigns conducted by Russia-linked APT group Turla. The discovery […] | Malware Mobile | Solardwinds Solardwinds | |
|
2021-01-11 17:53:21 | SolarWinds Hack Potentially Linked to Turla APT (lien direct) | Researchers have spotted notable code overlap between the Sunburst backdoor and a known Turla weapon. | Hack Mobile | Solardwinds Solardwinds | |
|
2021-01-11 13:47:16 | Malware Used in SolarWinds Attack Linked to Backdoor Attributed to Turla Cyberspies (lien direct) | Researchers have identified some similarities between the Sunburst malware used in the SolarWinds supply chain attack and Kazuar, a backdoor that appears to have been used by the Russia-linked cyber-espionage group known as Turla. | Malware Mobile | Solardwinds Solardwinds | |
 |
2021-01-11 12:19:03 | Sunburst – Les experts ont trouvé des liens entre l\'attaque de SolarWinds et le backdoor Kazuar (lien direct) | Le 13 décembre dernier, FireEye, Microsoft et SolarWinds découvraient dans leurs réseaux informatiques une attaque sophistiquée ciblant leur chaîne logistique. Cette attaque déployait alors un nouveau malware, jusqu'ici inconnu, " Sunburst ", utilisé contre les clients informatiques d'Orion de SolarWinds. The post Sunburst – Les experts ont trouvé des liens entre l'attaque de SolarWinds et le backdoor Kazuar first appeared on UnderNews. | Mobile | Solardwinds Solardwinds | |
 |
2021-01-11 10:00:00 | Sunburst backdoor – code overlaps with Kazuar (lien direct) | While looking at the Sunburst backdoor, we discovered several features that overlap with a previously identified backdoor known as Kazuar. Our observations shows that Kazuar was used together with Turla tools during multiple breaches in past years. | Mobile | Solardwinds Solardwinds | |
|
2021-01-11 09:07:54 | Sunburst backdoor shares features with Russian APT malware (lien direct) | Kaspersky researchers found that the Sunburst backdoor, the malware deployed during the SolarWinds supply-chain attack, shows feature overlaps with Kazuar, a .NET backdoor tentatively linked to the Russian Turla hacking group. [...] | Malware Mobile | Solardwinds Solardwinds | |
|
2021-01-11 06:18:00 | Kaspersky claims link between Solorigate and Kazuar backdoors (lien direct) | Pas de details / No more details | Solardwinds | ||
|
2021-01-11 05:41:59 | Researchers Find Links Between Sunburst and Russian Kazuar Malware (lien direct) | Cybersecurity researchers, for the first time, may have found a potential connection between the backdoor used in the SolarWinds hack to a previously known malware strain.
In new research published by Kaspersky researchers today, the cybersecurity firm said it discovered several features that overlap with another backdoor known as Kazuar, a .NET-based malware first documented by Palo Alto |
Malware | Solardwinds Solardwinds | |
|
2021-01-05 19:42:44 | Contextualizing Microsoft\'s Source Code Exposure in the SolarWinds Attacks (lien direct) |
In the middle of December, IT management software provider SolarWinds revealed in a security advisory that it had fallen victim to a sophisticated supply chain attack. The offensive involved the placement of a backdoor known as SUNBURST into versions 2019.4 HF 5, 2020.2 with no hotfix installed and 2020.2 HF 1 of the company's Orion Platform software. If executed, SUNBURST allowed an attacker to compromise the server running the Orion build. |
Solardwinds Solardwinds | ||
 |
2021-01-04 11:00:50 | Our New Year\'s Resolution for You: Protect Your IoT Networks and Devices! (lien direct) | By, Mitch Muro, Product Marketing Manager Can 2020 just be over yet?! I mean, come on. Not only have we been struck with one of the most sophisticated and severe attacks seen to date (which of course is the Generation V SolarWinds Sunburst Attack), but cyber criminals are even taking advantage of the increase in… | Mobile | Solardwinds Solardwinds | |
|
2020-12-29 21:55:38 | SolarWinds hackers aimed at access to victims\' cloud assets (lien direct) | Microsoft says that SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds supply chain attack was to move to the victims’ cloud infrastructure once infected their network with the Sunburst/Solorigate backdoor. “With […] | Threat Mobile | Solardwinds | |
 |
2020-12-29 21:22:00 | Actionable Threat Intelligence Available for Sunburst Cyber Attacks on SolarWinds (lien direct) | On Dec. 13, FireEye published a detailed analysis about the attack carried out against SolarWinds, which appears to have compromised its Orion IT monitoring and management platform to spread the Sunburst Backdoor malware. As part of the attack, which started in March, the Orion platform started sending out the digitally-signed trojanized malware via regular updates. According to SolarWinds, the compromised update may have been installed by fewer than 18,000 of its customers, including many U.S. federal agencies and Fortune 500 firms that use Orion to monitor the health of their IT networks. In a related blog post, FireEye also announced that a highly sophisticated state-sponsored adversary penetrated its network and stole FireEye Red Team tools used to test customers’ security. In response to the attacks, Anomali has collected, curated, and distributed clear and concise open-source intelligence (OSINT) to help organizations determine if they have been impacted. Two key resources released include a SolarWinds Breach Threat Bulletin and a FireEye Red Team Tools Breach Threat Bulletin. These continually updated resources, for use inside Anomali ThreatStream, include threat analysis, signature threat models, and over 2,000 operationalized indicators of compromise (IOCs) for automated distribution to security controls. Both are available now to Anomali’s 1,500 customers. What Can I Do with This Threat Intelligence?...and How to Do It Our intent in aggregating and curating this threat intelligence is to provide organizations with high-fidelity IOCs that can immediately be pushed into their security stacks for rapid, proactive blocking and alerting. Security products that can take advantage of this actionable threat intelligence include security information and event management (SIEM), endpoint detection and response platforms, firewalls, domain name system (DNS) servers, security orchestration, automation, and response (SOAR) platforms, and other operational security products. These Anomali threat bulletins are designed to be used in conjunction with Anomali ThreatStream, a threat intelligence platform that allows organizations to aggregate, curate, analyze, and distribute multiple sources of threat intelligence to their operational security systems. Inside of the SolarWinds Breach Threat Bulletin, all of these IOCs have been tagged with “solarwinds”, “sunburst backdoor”, “unc2452”, or “avsvmcloud.com.” This enables ThreatStream users to create a simple rule to automatically push IOCs to their security systems, enabling real-time defense against both attacks. For example, if a compromised server inside the organization attempts to connect to a command and control (C2) server outside of the organization, Anomali customers that have activated this research will automatically block the C2 URL, avoiding risk of further compromise and data exfiltration. How Can I Get This Intelligence? The Anomali SolarWinds and FireEye Threat Bulletins are automatically available to Anomali’s ThreatStream customers, and all organizations participating in Anomali-powered threat intelligence sharing communities (ISACs). Anomali Threat Research also created a | Malware Threat Mobile | Solardwinds Solardwinds | |
|
2020-12-29 20:12:00 | Anomali ThreatStream Sunburst Backdoor Custom Dashboard Provides Machine Readable IOCs Related To SolarWinds Supply Chain Attack (lien direct) | SolarWinds, a provider of IT management and monitoring software deployed by thousands of global customers, was breached between March and June of 2020 by an Advanced Persistent Threat (APT) that cybersecurity company FireEye is tracking as UNC2452. As part of the supply chain attack, the APT compromised the company’s Orion business software with trojanized malware known as Sunburst, which opens a backdoor into the networks of customers who executed Orion updates.
Immediately following news of the attack, Anomali Threat Research launched a custom threat intelligence dashboard called Sunburst Backdoor. Now available to Anomali ThreatStream customers, the dashboard is accessible via the user console. It is preconfigured to provide immediate access and visibility into all known Sunburst Backdoor indicators of compromise (IOCs) that are made available through commercial and open-source threat feeds that users manage on ThreatStream.
Customers using ThreatStream, Anomali Match, and Anomali Lens can immediately detect any IOCs present in their environments, quickly consume threat bulletins containing machine readable IOCs to operationalize threat intelligence across their security infrastructures, and communicate to all stakeholders how they have been impacted.
As part of ongoing product enhancements that further automate and speed essential tasks performed by threat intelligence and security operations analysts, Anomali recently added thematic dashboards that respond to significant global events. In addition to Sunburst Backdoor, ThreatStream customers currently have access to additional dashboards announced as part of our December quarterly product release.
Customers can integrate Sunburst Backdoor and other dashboards via the “+ Add Dashboard” tab in the ThreatStream console:
After integration, users will have immediate access to the Sunburst Backdoor dashboard, which continually updates IOCs as they become available:
Organizations interested in learning more about Anomali ThreatStream and our custom dashboard capabilities can request a demo here.
For organizations interested in gaining wider visibility and detection capabilities for the Sunburst cyberattack, Anomali Threat Research has compiled and curated an initial threat bulletin and downloadable set of OSINT IOCs available here. |
Malware Threat Mobile | Solardwinds Solardwinds | |
|
2020-12-29 13:30:00 | Microsoft: SolarWinds hackers\' goal was the victims\' cloud data (lien direct) | Microsoft says that the end goal of the SolarWinds supply chain compromise was to pivot to the victims' cloud assets after deploying the Sunburst/Solorigate backdoor on their local networks. [...] | Solardwinds | ||
 |
2020-12-24 20:15:00 | Sunburst Détails techniques supplémentaires SUNBURST Additional Technical Details (lien direct) |
Fireeye a découvert des détails supplémentaires sur la porte dérobée Sunburst depuis notre publication initiale le 13 décembre 2020. Avant de plonger dans la profondeur technique de ce logiciel malveillant, nous recommandons aux lecteurs de se familiariser avec notre article de blog sur le Solarwinds Supply Compromis , qui a révélé une campagne d'intrusion mondiale par une campagne sophistiquée sophistiquée Acteur de menace que nous suivons actuellement UNC2452.
Sunburst est une version trojanisée d'un plugin SolarWinds Orion signé numérique appelé solarwinds.orion.core.businesslayer.dll .Le plugin contient une porte dérobée qui communique via HTTP à un tiers
FireEye has discovered additional details about the SUNBURST backdoor since our initial publication on Dec. 13, 2020. Before diving into the technical depth of this malware, we recommend readers familiarize themselves with our blog post about the SolarWinds supply chain compromise, which revealed a global intrusion campaign by a sophisticated threat actor we are currently tracking as UNC2452. SUNBURST is a trojanized version of a digitally signed SolarWinds Orion plugin called SolarWinds.Orion.Core.BusinessLayer.dll. The plugin contains a backdoor that communicates via HTTP to third party |
Threat | Solardwinds | ★★★★ |
 |
2020-12-24 08:15:45 | Zscaler met en place un programme d\'accompagnement pour les entreprises touchées par SUNBURST (attaque SolarWinds) (lien direct) | Le programme Zscaler Security Assessment est conçu pour aider les organisations à comprendre l'attaque et obtenir une visibilité immédiate de leur posture de sécurité et pour leur fournir des conseils d'experts ainsi qu'un soutien pratique pour se protéger contre l'infection par le malware SUNBURST. - Produits | Malware | Solardwinds Solardwinds | |
 |
2020-12-23 23:45:25 | Why SolarWinds-SUNBURST is our Cyber Pearl Harbor (lien direct) | 
On December 13, 2020, FireEye announced that threat actors had compromised SolarWinds's Orion IT monitoring and management software and used it to distribute a software backdoor to dozens of that company's customers, including several high profile U.S. government agencies. Many are referring to the SolarWinds-SUNBURST campaign incidents as the long-prophesied “Cyber Pearl Harbor.” We agree, […]
|
Threat | Solardwinds | |
 |
2020-12-23 14:36:49 | SolarWinds Sunburst: UK data watchdog issues hack alert (lien direct) | President-elect Joe Biden has also vowed that the US will respond to the attack. | Hack | Solardwinds | ★★ |
|
2020-12-23 11:30:52 | How we protect our users against the Sunburst backdoor (lien direct) | The detection logic has been improved in all our solutions to ensure our customers protection. We continue to investigate cyberattack on SolarWinds and we will add additional detection once they are required. | Solardwinds Solardwinds | ||
|
2020-12-22 21:52:57 | Researchers shared the lists of victims of SolarWinds hack (lien direct) | Security experts shared lists of organizations that were infected with the SolarWinds Sunburst backdoor after decoding the DGA mechanism. Security experts started analyzing the DGA mechanism used by threat actors behind the SolarWinds hack to control the Sunburst/Solarigate backdoor and published the list of targeted organizations. Researchers from multiple cybersecurity firms published a list that […] | Hack Threat Mobile | Solardwinds Solardwinds | |
|
2020-12-22 21:14:06 | Cybereason vs. SolarWinds Supply Chain Attack (lien direct) |
On December 13, 2020, IT infrastructure management provider SolarWinds issued a Security Advisory regarding their SolarWinds Orion Platform after experiencing a “highly sophisticated” supply chain attack. The activity is reported to have begun as early as Spring 2020, as reported by researchers from security firm FireEye. |
Solardwinds | ||
|
2020-12-22 09:11:33 | SolarWinds victims revealed after cracking the Sunburst malware DGA (lien direct) | Security researchers have shared lists of organizations where threat actors deployed Sunburst/Solarigate malware, after ongoing investigations of the SolarWinds supply chain attack. [...] | Malware Threat | Solardwinds Solardwinds | |
|
2020-12-21 21:32:24 | (Déjà vu) How A Device to Cloud Architecture Defends Against the SolarWinds Supply Chain Compromise (lien direct) | 
In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds's Orion IT monitoring and management software with a trojanized version of SoalrWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that communicates to third-party servers for […]
|
Threat Mobile | Solardwinds Solardwinds | |
|
2020-12-21 20:40:45 | Partial lists of organizations infected with Sunburst malware released online (lien direct) | As security researchers dig through forensic evidence in the aftermath of the SolarWinds supply chain attack, victim names are slowly starting to surface. | Malware | Solardwinds Solardwinds | |
|
2020-12-21 19:26:48 | Best Practice: Identifying And Mitigating The Impact Of Sunburst (lien direct) | Introduction During the closing weeks of 2020 a Cyber Security attack became one of the main headline news stories of what had already been a news-rich year. Attributed to a campaign that began months earlier, the information security teams of government agencies and private organizations quickly shifted their focus to a vulnerability in the SolarWinds… | Vulnerability | Solardwinds Solardwinds | |
 |
2020-12-21 02:00:00 | How to prepare for the next SolarWinds-like threat (lien direct) | The insertion of malware into SolarWinds' popular Orion network management software sent the federal government and major parts of corporate America scrambling this week to investigate and mitigate what could be the most damaging breach in US history. The malware, which cybersecurity company FireEye (itself the first public victim of the supply chain interference) named SUNBURST, is a backdoor that can transfer and execute files, profile systems, reboot machines and disable system services. | Malware Threat | Solardwinds | |
|
2020-12-18 19:01:07 | Sunburst\'s C2 Secrets Reveal Second-Stage SolarWinds Victims (lien direct) | Examining the backdoor's DNS communications led researchers to find a government agency and a big U.S. telco that were flagged for further exploitation in the spy campaign. | Solardwinds Solardwinds | ||
|
2020-12-18 18:33:13 | VMware Flaw a Vector in SolarWinds Breach? (lien direct) | U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks. | Hack | Solardwinds | |
|
2020-12-18 13:00:20 | Sunburst: connecting the dots in the DNS requests (lien direct) | We matched private and public DNS data for the SUNBURST-malware root C2 domain with the CNAME records, to identify who was targeted for further exploitation. In total, we analyzed 1722 DNS records, leading to 1026 unique target name parts and 964 unique UIDs. | Guideline | Solardwinds |
To see everything:
Our RSS (filtrered)
