Weekly Intelligence Summary 18 December

December 18, 2020

The US-based IT company SolarWinds confirmed that its network management system, Orion Platform, was exploited to conduct a highly sophisticated, manual supply-chain attack. According to SolarWinds, a threat actor obtained access to the company’s systems and implanted malicious code into Orion software builds. Approximately 18,000 SolarWinds customers then installed malicious Orion updates that enabled the attacker to deploy a backdoor, dubbed SUNBURST or Solarigate, into victims’ systems and steal information. It is highly likely that a state-sponsored threat actor/group is responsible but, at the time of writing, there is not enough information to confirm this. Although the attacker’s motives and future intentions are not clear, they will likely use stolen information to conduct additional attacks in the short-term future (one to three months).
