Weekly: SolarWinds Supply-Chain Attack Round-Up

December 18, 2020 Digital Shadows

ShadowTalk hosts Kacey, Charles, Alec, and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover all things SolarWinds:

  • An overview of the campaign and event timelines
  • SolarWinds' SEC filing and its implications
  • Early indicators of compromise, including public FTP creds and an access listing
  • What we can expect from this attack as time goes on

Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-18-december

***Resources from this week’s podcast***

Microsoft: https://msrc-blog.microsoft.com/2020/12/13/customer-guidance-on-recent-nation-state-cyber-attacks/

SolarWinds: https://www.solarwinds.com/securityadvisory

FireEye: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html

DomainTools: https://www.domaintools.com/resources/blog/unraveling-network-infrastructure-linked-to-the-solarwinds-hack?utm_source=Social&utm_medium=twitter&utm_campaign=SUNBURST#

FTP Creds (2019): https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/

SEC Filing: https://portal.pannus.uk/client/intelligence/incident/67083793 https://www.sec.gov/ix?doc=/Archives/edgar/data/1739942/000162828020017451/swi-20201214.htm

Dark Halo: https://portal.pannus.uk/client/intelligence/incident/67128769 https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/

SolarWinds Blog: https://www.digitalshadows.com/blog-and-research/solarwinds-compromise-what-security-teams-need-to-know/
