

Since the SolarWinds supply chain attack was disclosed in December, there has been a whirlwind of news, technical details, and analysis released about the hack.

Because the amount of information that was released in such a short time is definitely overwhelming, we have published this as a roundup of SolarWinds news. The information is distilled into a format that will hopefully explain the attack, who its victims are, and what we know to this point.

While we learned of SolarWinds' attack on December 13th, the first disclosure of its consequence was made on December 8th when leading cybersecurity firm FireEye revealed that it was hacked by a nation-state APT group. As part of this attack, the threat actors stole Red Team assessment tools that FireEye uses to probe its customers' security.

It was not known how the hackers gained access to FireEye's network until Sunday, December 13th, 2020, when Microsoft, FireEye, SolarWinds, and the U.S. government issued a coordinated report that SolarWinds had been hacked by state-sponsored threat actors believed to be part of the Russian S.V.R. One of SolarWinds' customers who was breached in this attack is FireEye.

As part of the attack, the threat actors gained access to the SolarWinds Orion build system and added a backdoor to the legitimate .dll DLL file. This DLL was then distributed to SolarWinds customers in a supply chain attack via an automatic update platform used to push out new software updates.

This DLL backdoor is known as Sunburst (FireEye) or Solorigate (Microsoft), and is loaded by the program.
